Banking  on  VoIP 


Bank  of  America  network  exec  Steve 


Venezia  outlines  the  company's  convergence  game  plan.  PAGE  14. 


Upwardly  mobile  IT  leaders  bucking  for  CEO  are 

moving  from  data  centers  to  the  business  side  of  the  house.  PAGE  39. 
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SPAM 


IN  THE 


THE  SEQUEL 

This  time,  we  tested 
(almost)  everyone. 


WILD 


I.1WILD 


Anti-spam 


■  BY  JOEL  SNYDER,  NETWORK  WORLD  LAB  ALLIANCE 

HOW  BIG  CAN  A  TEST  GET?  We  found  out  with 

our  latest  in-depth  look  at  the  anti-spam  industry.  Spam  is  still 
a  huge  problem,  and  there  is  an  equally  large  market  oppor¬ 
tunity  to  fix  it. 

We  invited  every  anti-spam  vendor 
in  our  online  Buyer’s  Guide  (see 
wwwnwfusion.com,  DocFinder:  5047) 
to  participate.  While  we  expected  to 
get  eight  to  10  vendors  to  sign  up,  41 
participated.We  tested  them  all  for 
spam  catch  rate  (including  false-positive  and  false-negative 
rates), and  performance  and  throughput  (see  charts,  page  35). 

Then  we  let  the  products  speak  for  themselves.  Out  of  the  36 
that  made  it  through  the  first  round,  we  felt  any  product  with  a 
greater-than-90%  spam  catch  rate  and  lower-than-1%  false-posi¬ 
tive  rate  should  get  a  more  in-depth  evaluation  (see  page  34). 
We  still  ended  with  a  dozen  excellent  finalists,  reflecting  the 
growing  maturity  and  commoditization  of  anti-spam  products. 

See  Anti-spam,  page  34 


Bigger  ar  i  better 


The  world’s  largest  Buyer's  Guide  on  anti-spam  products 
keeps  growing.  If  you  are  doing  research  on  anti-spam  prod¬ 
ucts,  look  no  further  than  the  Network  World1  “Living” 
Online  Buyer’s  Guide  in  which  we  have  data  on  more 
than  130  anti-spam  products  (software,  services  and  appli¬ 
ances).  If  it's  not  in  here,  it's  not  worth  researching. 
www.nwfusion.com,  DocFinder:  5047. 


Merger  mania  mounts 

Huge  deals  rock  telecom,  software  landscapes;  more  expected. 


■  BY  NETWORK  WORLD  STAFF 

Three  giant  mergers  and  a  spate 
of  smaller  deals  last  week  re¬ 
shaped  the  software  and  telecom 
industries,  and  could  portend  a 
period  of  consolidation  and  fur¬ 
ther  change  in  the  coming  year. 

The  deals  included  PeopleSoft 
giving  in  to  Oracle’s  prolonged 
hostile  takeover  bid  in  a  deal 
worth  $10.3  billion;  Sprint  and 
Nextel  Communications  in  a  $35 
billion  merger;  and  Symantec 


Big  deals 

Last  week’s  match¬ 
making  saw  more  than 

$59  billion 

change  hands. 


spending  $13.5  billion  for  Veritas 
Software  (see  graphic,  page  12). 
While  it  was  one  of  the  all  time 


biggest  weeks  for  technology 
mergers  —  with  more  than  $59 
billion  trading  hands  —  analysts 
say  more  could  be  on  the  way 
Merger  news  heightens  other 
companies’  awareness  of  threats 
and  opportunities,  says  Bruce 
Richardson,  senior  vice  president 
of  research  at  AMR  Research. 

“Whenever  these  big  mega¬ 
mergers  happen,  the  phones  start 
ringing  off  the  hook,”  he  says. 
“CEOs  are  deluged  by  investment 
See  Merger,  page  12 


Building  VPNs  on  the  cheap 


■  BY  TIM  GREENE 

Charles  Duffy  needed  a  no-cost  way  of  construct¬ 
ing  a  VPN  to  link  his  company’s  remote  quality- 
assurance  and  IT  staff  to  the  corporate  headquar¬ 
ters  at  Catalis  Health  in  Austin, Texas. 

The  answer  was  OpenVPN.the  open  source  SSL- 
based  VPN  software  available  as  a  download  from 
the  Internet.  The  only  investment  Catalis  made  in 


the  project  was  time,  about  80  hours  that  was  spent 
testing  OpenVPN  and  writing  custom  wizards  to 
help  users  install  client  software,  says  Duffy,  who  is 
a  senior  deployment  engineer  at  Catalis.“We  were 
budget-impacted  so  commercial  solutions  weren’t 
on  the  table,”  he  says. 

While  he  tapped  into  free  VPN  software,  it  is  pos¬ 
sible  to  find  serviceable  low-cost  alternatives  to  the 

See  VPNs,  page  49 


A  Wider  Net 


Aquarium  net  does  just  swimmingly 


Attention  to  security  keeps  users  —  eels,  sharks  and  whales  —  off  the  rocks. 


■  BY  BETH  SCHULTZ 


So  you  think  those  guys  over  in  accounting  are  as  slippery' 
as  eels,  but  have  you  ever  considered  what  your  job 
would  be  like  if  the  creatures  you’re  supporting  actually 
did  live  in  the  sea?  Not  that  a  green  moray  would  clamor  for 
Gigabit  Ethernet  to  the  desktop  or  wireless  LAN  access,  mind 
you.  But  what  if  network  availability  could  affect  the  well-being 
of  that  eel,  or  a  whale  pod  or  a  school  of  snappers? 

See  Aquarium,  page  15 


KEVIN  RECHIN 


/ 


PI  J  f  |T  IN  THE 

SERVER  ROOM. 

F  EEL  IT  IN  THE 

BOARDROOM. 


'Based  on  two-tier  SAP  Sales  and  Distribution  (SAP  SD)  Standard  Application  Benchmark  result  on  the  8-way  IBM  eServer  p5  570  (AIX  5L  v5.3,  DB2  UDB  v8.1)  of  2,600  benchmark  users.  1 .99  second 
average  response  time  (certification  number  2004041),  as  compared  to  the  8-way  HP  Integrity  r*7620  (HP/UX  111.  Oracle  9i)  result  of  1,500  benchmark  users,  1.95  second  average  response  time 
(certification  number  2003045).  Current  as  of  November  24.  2004.  Source:  http7fwww.sap.com/benchmark.  Operating  systems  sold  separately.  ’Available  on  select  models.  IBM.  eServer,  the  eServer 


Meet  the  IBM  eServer™  p5  570  -  the  ultimate  in  performance  for  on  demand  business.  The  p5-570  is  powerful.  It’s 
easy  to  manage.  It’s  competitively  priced.  And  it  supports  70%  more  users  than  a  midrange  HP  system  (on  the  mySAP™ 
ERP  solution)?  So  what  could  that  mean  for  you?  A  lower  TCO.  A  better  bottom  line.  A  happy  boardroom.  You  need  to 
learn  more  about  the  p5-570  at  ibm.com/eserver/performance 


5  reasons  why  you  need  the  IBM  eServer  p5  570. 


High-performance 

Runs  IBM  AIX  5Lm 

Innovative  modular 

Capacity  on  demand 

Advanced  virtualization 

POWER5u  processors. 

and  Linux f2 

design. 

capabilities ? 

options. 

@  server 


Want  a  happy  boardroom? 

Check  out  the  IBM  eServer  p5  570. 


logo.  AIX  5L  and  POWER5  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Linux  is  a  trademark  of  Linus  Torvalds  in  the  United  States, 
other  countries,  or  both.  SAP  mySAP  and  all  SAP  product  and  service  names  mentioned  herein  are  trademarks  or  registered  trademarks  of  SAP  AG  in  Germany  and  in  several  other  countries  around  the  world.  Other 
company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©2004  IBM  Corporation.  All  rights  reserved. 


Spam  and  virus  protection  at  an  affordable  price. 


/ 

/ 

•  No  per  user  license  fees  / 

•  Prices  starting  at  $1399  j 

•  Powerful,  enterprise-class  solution 


uda  Spam  Firewall 


^Copyright  2004  Barracuda  Networks.  Inc  All  rights  reserved.  Reclaim  Your  Email. and  Barracuda  Spam  Firewall  are  either 
rademarks  or  rog<stered  trademarks  of  Barracuda  Networks  Inc.  and/or  It  subsidiares  in  the  United  States  and/or  other  countries. 


Order  a  free  evaluation  unit  at 
www.barracudanetworks.com 


POWERFUL 


EASY  TO  USE  AFFORDABLE 


Aggressive  Reseiier  Program 

Get  more  info  by  visiting  www.barracudanetworks.com/RSA 
or  by  calling  1-888-ANTi-SPAR/l  or  408-342-5400 
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WILD 


It  doesn’t  get  any  bigger  than  this  —  we  tested 
36  anti-spam  products  for  catch  rate  and  false¬ 
positive  rate.  The  10  top  finishers  were  put 
through  an  even  more  detailed  evaluation.  See 
results  beginning  on  Page  34. 
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Anti-spam 


More  online! 

And  go  online  for  our  giant  anti-spam  Buyer’s  Guide,  featuring  more 
than  130  products,  www.nwfusion.com,  DocFinder:  5047. 
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Breaking  News 


Go  online  for  breaking  news  every  day.  DocFinder:  6342 


Available  only  on  Fusion 

Cool  Yule  Tools 

Not  sure  what  to  get  the  big  kids  on  your  list?  Not  sure  what  to 
put  on  your  wish  list?  Check  out  our  annual  Holiday  Gift  Guide, 
where  we  give  you  the  lowdown  on  more  than  130  cool  gifts, 
from  cell  phones  and  digital  cameras  to  video  games,  robots, 
vending  machines  and  more.  DocFinder:  4729 

Network  World  Fusion  Radio:  Getting 
your  rebate  money 

Rebates  can  be  the  bane  of  one's  existence  when  it  comes  to 
buying  electronics,  especially  this  time  of  year  as  people  load  up 
on  holiday  goodies  for  friends  and  family.  But  as  Small- Business 
Tech  columnist  James  Gaskin  explains,  getting  your  rebate  is  not 
always  easy.  DocFinder:  5046 

Holiday  Prep  2004 

Check  out  our  series  of  stories  about  retailers  bolstering  their 
Web  sites  in  time  for  holiday  sales.  See  what  e-tailers  are  doing 
to  improve  their  site  performance  and  customer  satisfaction. 

DocFinder:  5132 


New  Network  Life  blogs 

Security  chief 

Columnist  Deb  Radcliff  talks  about  Mac  converts  and  the  role  of  secu¬ 
rity;  HERF  guns  —  truth  or  fiction;  and  more.  DocFinder:  5133 

Off  the  clock 

Editor  Keith  Shaw  looks  at  Voodoo's  new  liquid-cooled  gaming  PC,  how 
to  build  an  instant  photo  Web  site  and  more  fun  after-hours  pursuits. 

DocFinder:  5042 

Online  help  and  advice 

Wireless  Wizards 

Wireless  LAN  simulation  tools 

The  Wizards  help  a  reader  who  asks:  "Is  there  a  tool  we  can  use 
in  the  design  of  a  WLAN  implementation  that  helps  simulate  the 
environment  where  the  access  points  (cither  802.11a,  b  or  g)  will 
be  located  and  the  behavior  of  these  access  points  given  the  map 
of  the  area  (including  obstacles)?"  DocFinder:  5134 


This  week  at  Network  Lifer.  The  Expert’s 
Guide  to  the  Connected  Home 

Every  day  Network  Life  offers  everything  you  need  to  know  to 
keep  your  —  and  your  family's  and  friends'  —  home  network 
humming.  Get  the  latest  news,  opinions,  reviews,  how-tos  and 
more.  DocFinder:  4838 

Network  Encyclopedia 

Get  definitions  for  the  technologies,  hardware,  protocols,  standards 
and  more  behind  networking.  DocFinder  5548 


Small-Business  Tech 

Getting  a  printer  for  the  holidays? 

Columnist  James  Gaskin  takes  a  look  at  two  of  HP's  all-in-one 

printers.  DocFinder:  5135 

HomeLAN  Adventure 

Home  networks  in  2005 

Columnist  Keith  Shaw  offers  his  predictions  and  anticipates  home 
network  challenges  for  the  new  year.  DocFinder:  5142 


Free  e-mail  newsletters 

Sign  up  for  any  of  more  than  50 
newsletters  on  key  network  topics. 

DocFinder  6343 


What  is  DocFinder? 

We've  made  it  easy  to  access  articles  and  resources  online.  Simply  enter  the  four-digit  DocFinder 
number  in  the  search  box  on  the  home  page,  and  you'll  jump  directly  to  the  requested  information 
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■  TheGoodlheBadTheUgly 

(g>  Wi-Fi  to  fly.  The  FCC  last  week  announced  decisions  that  could  make  it  easier 
for  airline  passengers  to  access  the  Internet  and  make  cell  phone  calls  while  in 
flight.  It’s  hard  to  deny  the  productivity  benefits  possible  from  exploiting  Wi-Fi-  or 
VoIP-enabled  devices  on  planes.  Of  course,  this  might  not  seem  like  such  a  good 
idea  some  day  when  you're  sitting  in  the  middle  seat  and  the  people  on  your  left 
and  right  are  yelling  into  their  phones  to  be  heard  over  the  jet  engines. 


Windows  weaknesses.  Microsoft  last  week  released  five  security 
bulletins  warning  of  several  vulnerabilities  that  put  computers  running  Windows  at 
risk  of  attack.  However,  none  of  the  flaws  is  rated  "critical,"  Microsoft's  highest 
severity  rating.  The  software  maker  deems  the  vulnerability  fixes  as  "important," 
one  notch  lower  on  its  severity  rating  scale. 

Bah  humbug.  A  new  version  of  the 
Zafi  e-mail  worm  is  spreading  Christmas  wishes 
along  with  its  malicious  code,  according  to  anti¬ 
virus  software  companies.  Zafi.D  is  a  mass¬ 
mailing  worm  that  arrives  in  a  zip  file  attached 
to  e-mail  messages  with  the  subject  “Merry 
Christmas."  Instead  of  a  gift,  the  e-mail  package  delivers 
worm  code  that  infects  Windows  systems  on  which  it  is  opened.  Leading  anti-virus 
companies  have  updated  anti-virus  signatures  to  stop  the  new  threat.  A 


Microsoft  flags  hole  in  XP  SP2  firewall 

■  Microsoft  quietly  has  released  an  update  to  Windows  XP  to  fix 
a  potentially  serious  configuration  problem  in  the  firewall  that 
ships  as  part  of  Windows  XP  Service  Pack  2.  Users  who  installed 
SP2  on  their  Windows  XP  machines  and  also  have  file  and  printer 
sharing  enabled  might  have  been  sharing  their  files  and  printers 
with  the  entire  Internet,  according  to  Microsoft.  By  default,  file  and 
printer  sharing  makes  changes  to  the  SP2  firewall  to  give  comput¬ 
ers  on  the  “local  network”  access  to  shared  resources.  However, 
the  definition  of  that  local  network  depends  on  the  ISP  In  some 
cases,  especially  with  dial-up  ISPs,  it  meant  the  entire  Internet, 
according  to  Microsoft. Still, even  with  the  update, a  local  network 
could  extend  beyond  what  users  might  consider  a  local  network. 
To  cordon  off  a  network  and  prevent  unwanted  access,  users 
should  place  an  additional  firewall  in  front  of  the  network,  the 
company  says. 

Stock  exchange  going  wireless 

■  The  New  York  Stock  Exchange  last  week  shared  details  about  a  wireless  trading  sys¬ 
tem  it’s  been  developing  with  IBM  for  the  past  couple  of  years  and  testing  for  the  last 
several  months.  Brokers  on  the  trading  floor  will  use  the  system,  called  TradeWorks,  to 
place  orders  and  communicate  market  information  from  the  point  of  sale  to  institu¬ 
tional  investors.  NYSE  decided  to  modernize  its  processing  system  to  keep  up  with  esca¬ 
lating  trading  and  messaging  volumes  without  having  to  increase  head  count.  Along 
with  60%  to  80%  compound  annual  growth  rate  in  share  volume,  NYSE  has  had  to  deal 
with  an  even  greater  surge  in  messaging  traffic.  Brokers  today  collectively  send  and 
receive  an  average  of  75,000  messages  per  day  —  up  sixfold  over  the  last  four  years.The 
new  system  will  provide  a  much  faster  wireless  network  and  let  brokers  deal  with  cus¬ 
tomers  more  effectively,  NYSE  officials  said. 

ZigBee  group  ratifies  sensor  net  spec 

SB  The  ZigBee  Alliance  has  ratified  the  first  specification  for  wireless  sensor  networks. 
The  ZigBee  specification  is  the  result  of  two  years’  worth  of  work  by  more  than  100  com¬ 
panies.  The  document  lays  out  the  higher-layer  requirements  for  low-cost,  very  low- 
power,  wireless  mesh  radios  that  can  be  coupled  with  an  array  of  sensors.The  sensors 
can  detect  things  such  as  temperature,  vibration,  liquid  volumes  or  flow,  movement  and 
moisture. The  data  is  passed  over  the  mesh  network,  in  the  2.4-GHz  band,  to  a  gateway 
and  then  to  conventional  servers  and  applications.  Details  are  available  at  www. 
zigbee.org. 


COMPENDIUM 

How  important  is  your  name? 

A  co-worker  came  up  with  an  ego  game  for  Google  Suggest  -  the  beta  search  service 
that  auto-fills  the  query  box  as  you  type:  See  how  many  letters  in  your  name  you  have 
to  type  before  your  name  comes  up  in  the  suggestion  list.  Seven  letters  for  me,  sniff, 

sniff.  Search  for  more  at  www.nwfusion.com,  DocFinder:  5141. 


IBM  researchers  eye  lOOT-byte  tape  drive 

■  IBM  has  begun  work  on  new  technologies  designed  to  boost  the  capacity  of  tape  stor¬ 
age  devices  250  times.  Using  “nanopatterning”  techniques  derived  from  the  company’s 
microprocessor  division,  researchers  say  they  expect  to  one  day  build  cartridges  that 
can  store  as  much  as  100T  bytes  of  data.  For  years  now,  engineers  have  wrung  more 
capacity  out  of  tape  storage  by  narrowing  the  tracks  of  magnetic  material  that  store  data 
on  a  spool.  IBM  is  able  to  store  704  data  tracks  on  the  half-inch-wide  tape  used  by  its 
TotalStorage  3580  LTO  Generation  3  drives.  This  device  can  store  about  400G  bytes  of 
data,  but  to  store  more  than  the  IT  byte  researchers  say  they  will  have  to  make  major 
changes.The  researchers  now  are  exploring  ways  they  can  use  chip  techniques  such  as 
reactive  ion  etching  (a  very  precise  method  for  putting  patterns  on  film)  or  sputter 
deposition  (a  method  of  applying  film  in  a  very  well-controlled  way)  to  increase  stor¬ 
age  capacity 

Judge  dismisses  Maryland  spam  complaint 

■  An  e-mail  marketing  company  that  was  sued  for  allegedly  violating  Maryland’s  anti¬ 
spam  law  has  prevailed  on  constitutional  grounds. Three  similar  laws  in  Virginia,  New 
York  and  Vermont  have  been  declared  unconstitutional  for  violating  the  Commerce 
Clause,  while  anti-spam  laws  in  Washington  and  California  have  survived  court  chal- 
lenges.The  Maryland  case  involves  First  Choice  Internet  in  Carle  Place,  N.YThe  compa¬ 
ny  and  its  founder  were  sued  in  late  2003  for  allegedly  violating  Maryland’s  Commercial 
Electronic  Mail  Act,  which  was  enacted  in  2002.  First  Choice  filed  a  motion  to  dismiss 
the  case,  and  Judge  Durke  Thompson  of  the  Circuit  Court  for  Montgomery  County  in 
Maryland  granted  it  this  month.  First  Choice  gave  three  reasons  for  dismissing  the  case, 
and  the  judge  agreed  with  all  of  them:  first,  that  the  MCEMA  violates  the  Commerce 
Clause  of  the  Constitution;  second,  that  the  Maryland  court  lacks  jurisdiction;  and  third, 
that  the  plaintiff  shouldn’t  have  been  included  in  the  lawsuit. 

Cisco  to  open  research  center  in  Japan 

■  Cisco  will  open  a  research  and  development  center  in  Tokyo  focusing  on  Internet 
software  and  routing  technologies  in  February  The  company  initially  will  invest  $12  mil¬ 
lion  over  five  years  in  the  center,  which  will  employ  10  engineers  working  on  develop¬ 
ment  of  the  company’s  IOS  and  IOS  XR  software,  routers,  IPv6  and  wireless  technologies, 
the  company  says.  The  opening  of  the  center  comes  after  the  company  won  several 
major  contracts  for  its  software  and  equipment  based  on  the  CRS-1  system  from 
Japanese  customers.  Softbank  BB,  which  operates  broadband  services  in  Japan  under 
the  Yahoo  BB  name,  has  chosen  CRS-1  for  its  network  backbone  and  Japan’s  National 
Institute  of  Informatics  will  use  the  CRS-1  as  its  core  routing  system  for  research  into 
grid, supercomputing  and  other  applications,  according  to  Cisco. 
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SEEING  VIRUS  OUTBREAKS 
BEFORE  THEY  HAPPEN 


VIRUS  OUTBREAK  FILTERS 


April  16,  2004.  April  26, 

•  ■  ■  ■  -v  . 


2004.  July  26.  2004.  These  days  will  live  in  infamy.  That  is 

,  *  ,  ^  , 
if  you  happen  to  be  an  email  administrator.  On  those  days  . 

(respectively)  the  Netsky,  Bagel  and  MyDoom  viruses 

broke  out.  Even  non-technicai  folks  remember  those  days 
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messages  supposedly  from  known  people,  but  with  subject 
iines  like  "test”  or  "RE:  that  proposal.” 
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The  Email  to  Virus  Connection 

ICSA®  Labs,  an  independent  security  focused  trade  organiza¬ 
tion  that  offers  vendor-neutral  testing  and  certification  of 
security  products,  estimates  that  more  than  90  percent  of  all 
viruses  are  delivered  by  email.  But  the  advent  of  Netsky,  Bagel 
and  MyDoom  marked  a  new  and  very  ugly  chapter  in  the 
development  of  viruses.  The  sophistication  of  these  viruses — 
and  their  use  of  social  engineering  techniques  to  appear  very 
compelling  or  very  legitimate  to  end-users — resulted  in  many 
users  opening  these  messages.  Global  infection  followed  with¬ 
in  hours.  And  this  level  of  global  outbreak  was  not  a  fluke. 
The  viruses  were  designed  to 


per  outbreak  is  still  US  $280,000  (2  percent  of  70,000 
messages  x  US  $200)  or  more.  This  ignores  any  cost  associat¬ 
ed  with  the  internal  spreading  of  the  virus.  Often  times,  an 
infection  cleanup  requires  an  IT  technician  to  physically  go  to 
the  infected  machine  with  a  CD  to  restore  service.  So,  it  is 
not  hard  to  see  why  virus  outbreaks  are  at  the  top  of  the 
worry  list  for  every  IT  professional.  Not  only  do  they  disrupt 
business,  they  cost  real  money.  Gartner  notes,  “Network 
downtime  will  increase  200%  due  to  viruses  and  blended 
threats  by  Q1  2005  costing  the  average  company  US  $4 
million  per  year.” 


exploit  a  flaw  in  traditional 
anti-virus  systems  that  are 
widely  deployed.  This  flaw 
is  known  as  the  reaction 
time  gap. 

Traditional  anti-virus  sys¬ 
tems  are  reactive.  They  work 
by  capturing  a  sample  of  a 

new  virus,  isolating  it  in  a  laboratory,  characterizing  it,  gener¬ 
ating  an  image  definition  file  (IDE),  testing  the  IDE,  then 
pushing  it  out  to  millions  of  servers  around  the  world.  The 
major  anti-virus  vendors  all  seek  to  minimize  the  time  from 
first  detection  to  IDE  availability,  but  no  matter  how  good  the 
vendor  this  process  still  takes  a  finite  amount  of  time,  maybe 
six,  eight,  or  12  hours  depending  on  the  complexity  of  the 
virus.  It  is  precisely  this  reaction  time  “gap”  that  modern 
virus  writers  are  trying  to  exploit.  And  at  an  alarming  rate, 
McAfee  Inc.  estimates  there  are  more  than  81,000  viruses 
today,  with  more  than  5  0  new  viruses 
released  daily. 

With  compelling  subject  lines  and  mutation  tactics  to  lure 
unsuspecting  email  users  to  open  them,  the  new  crop  of  virus¬ 
es  frequently  steal  legitimate  names  of  users  from  an  infected 
machines’  address  book  and  inserts  them  into  the  email  head¬ 
er  information,  indicating  who  a  message  is  FROM  or  TO. 
Operational  data  has  shown  that  within  less  than  two  hours 
from  the  first  appearance  of  a  virus,  a  typical  Fortune  500 
company  may  receive  more  than  35,000  messages,  and  more 
than  70,000  messages  may  be  received  before  the  first  IDE  is 
available  from  an  anti-virus  vendor.  This  means  that  all  those 
infected  messages  make  their  way  to  the  end-user’s  inbox 
without  impediment. 

Cyberattacks  Cost  Big  Money 

ICSA  Labs’  study  found  the  average  cost  of  cleaning  up  an 
infected  machine  is  more  than  US$200  per  desktop.  If  only  2 
percent  of  those  who  receive  a  virus  actually  open  it,  the  cost 


“Network  downtime  will  increase  200% 
due  to  viruses  and  blended  threats  by 
Q1  2005  costing  the  average  company 
US  $4  million  per  year” 

-GARTNER 


EDS:  Customer 
Commitment 
Leads  to 
Innovation 

Innovative  IT 
thinkers  have  been  tack¬ 
ling  this  problem  for 
some  time.  Electronic 

Data  Systems  (EDS)  is  a  leading  provider  of  managed  services 
for  corporations.  Email  and  security  are  some  of  the  things 
the  EDS  team  knows  best.  As  a  result,  the  EDS  team  has  built 
a  multi-layer,  multi-vendor  anti-virus  defense  system  for  their 
corporate  customers,  yielding  best  of  breed  protection.  And 
yet,  with  the  onslaught  of  this  new  class  of  very  rapidly 
spreading  viruses,  EDS  end-users  were  still  being  impacted. 

Like  most  email  administrators,  EDS’  commitment 
to  their  clients  is  to  maintain  networks  and  services  at 
maximum  performance.  With  the  attacks  on  corporate  net¬ 
works,  the  EDS  team  was  challenged  by  the  speed  and  muta¬ 
tions  of  the  viruses.  In  trying  to  stay  one-step  ahead  of  the 
virus  writers,  the  EDS  team  began  paying  close  attention  to 
Internet  news  groups  and  chat  boards.  If  the  EDS  team  heard 
of  a  virus,  they  would  scan  through  the  incoming  mail  logs 
and  look  to  verify  an  outbreak.  If  discovered,  they  would  take 
whatever  steps  possible  to  prevent  the  outbreak — including 
blocking  all  mail.  “With  very  few  avenues  of  approach  or 
defense,  considering  the  challenges,  it  seemed  the  best 
response  was  to  eliminate  threats  by  blocking  email,”  says 
Richard  C.  Parvin,  a  senior  engineer  at  EDS.  But  Parvin  knew 
this  was  not  an  elegant  solution,  not  even  an  especially  good 
band-aid,  as  it  stopped  both  good  and  bad  mail.  Parvin  con¬ 
tinued  to  seek  a  real  solution  for  his  customers,  and  decided 
to  use  EDS’  existing  spam  email  database  to  spot  questionable 
characteristics  in  quarantined  mail. 

Virus  Outbreak  Filters 

The  techniques  employed  by  Parvin  and  his  team  are  the 
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inspiration  behind  a  technical  breakthrough  at  IronPort 
Systems:  Virus  Outbreak  Filters.  IronPort  is  the  leading 
provider  of  email  security  appliances  to  large  corporations  and 
ISPs  such  as  Charter  Communications,  Sprint,  Verizon,  Bell 
Canada  and  RoadRunner.  IronPort  appliances  act  as  the  outer 
layer  of  protection  and  are  designed  to  stop  spam,  viruses, 
denial  of  service  attacks  and  corporate  email  policy  violations. 
Tom  Gillis,  Senior  Vice  President  of  Worldwide  Marketing  for 
IronPort,  says  what  makes  their  product  unique  is  the  very 
high  performance  platform  the  company  has  developed. 
IronPort’s  AsyncOS  is  a  proprietary  operating  system  opti¬ 
mized  for  the  asynchronous  nature  of  email  messages.  Because 
of  the  tight  integration  of  the  OS  and  IronPort’s  completely 
new  message  transfer  agent  (MTA)  design,  the  IronPort  appli¬ 
ances  are  more  than  ten  times  more  efficient  than  traditional 
UNIX  or  Windows  based  MTAs.  This  ultra  high  performance 
allows  the  IronPort  appliance  to  apply  more  system  resources 
to  scanning  incoming  mail,  and  sorting  out  friend  from  foe. 
The  combination  of  this  high  performance  platform  with 
powerful  management  tools  has  made  the  IronPort  system  the 
email  security  technology  of  choice  for  six  of  the  ten  largest 
ISPs  in  the  world  and  many  Fortune  500  companies,  including 
several  of  those  served  by  EDS. 

Cisco  Systems  Participates  in  Beta 

Cisco  Systems  is  another  IronPort  customer  instrumental  in 
shaping  the  development  of  the  technology.  The  Cisco  team 


found  that  they  could  replace  large,  administratively  intensive 
UNIX  servers  running  traditional  email  gateways,  such  as 
open-source  Sendmail,  with  a  small  number  of  high  perform¬ 
ance  IronPort  appliances. 

“The  management  tools  on  the  IronPort  are  awesome,” 
said  Cisco’s  Email  Engineering  Chief  Erik  Martin.  “They  allow 
us  to  manage  a  global  infrastructure  centrally  from  San  Jose.” 
These  same  management  tools  are  now  available  to  help 
overcome  virus  outbreaks.  Cisco  has  been  running  Virus 
Outbreak  Filters  for  some  time.  “During  the  beta  test  we 
stopped  six  outbreaks  before  they  even  occurred,”  said  Martin. 
Preventive  action  at  the  network  perimeter  can  save  millions 
of  dollars  lost  in  desktop  cleanup  and  business  disruption. 

Virus  Outbreak  Filters 
Leverage  SenderBase  Network 

One  unique  aspect  of  IronPort  appliances  is  they  collect  traffic 
pattern  data  in  a  central  repository  known  as  SenderBase.  In 
fact,  IronPort  has  licensed  the  SenderBase  data  to  the  open- 
source  community.  For  example,  SenderBase  data  being  used 
in  popular  open-source  spam-filtering  software  such  as 
Spam  Assassin.  The  combination  of  IronPort’s  large  ISP  and 
corporate  customers,  along  with  the  massive  footprint  of 
open-source  users,  means  that  SenderBase  has  a  very  large  and 
very  diverse  data  footprint.  SenderBase  data  is  derived  from 
more  than  50,000  Internet  sources  and  is  estimated  to  sample 
more  than  30  percent  of  all  email  traffic  on  the  Internet. 


IRONPORT'S  THREAT  OPERATIONS  CENTER 

Speed  and  accuracy  are  core  to  ensuring  zero  infections  in  the  face  of  rapidly  propagating 
outbreaks.  To  this  end,  IronPort  staffs  a  24x7  Threat  Operations  Center  (TOC). 

Outbreaks  detected  through  the  SenderBase  Network  are  closely  monitored  through  their  entire 
lifecycle  by  experienced  TOC  analysts.  Using  sophisticated  tools,  analysts  carefully  study  and 

refine  automatically  generated  threat  levels  and  preventive 
measures.  Updates  are  made  on  a  constant,  rapid  basis  to 
ensure  efficacy  and  counter  the  dynamic  nature  of  threats. 

A  customer-facing  website  is  continuously  updated  with  data 
on  current  outbreaks. 

In  addition  to  the  above  tasks,  analysts  use  the  tools  to 
easily  visualize  complex  real-time  and  historical  traffic  pat¬ 
terns  by  simply  clicking  to  sort,  filter  or  explore  message 
volume,  size,  attachments,  and  sources.  This  allows  analysts 
to  spot  trends  and  potential  problems  quickly— helping  make 


TING  VOGEL,  MANAGER  OF  IRONPORT’S 
THREAT  OPERATIONS  CENTER 


better  decisions. 
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SenderBase  collects  key  data  points  such  as  the  volume  of 
email  sent  from  a  given  IP  address,  how  long  that  IP  has  been 
sending  mail,  if  the  IP  address  accepts  mail  in  return,  if 
its  an  open  proxy  or  open  relay,  what  the  country  of  origin  is, 
and  if  end-users  are  complaining  about  spam  coming  from 
the  IP.  A  total  of  more  than  50  different  data  points  are  tracked 
for  every  given  sender  on  the  Internet. 

The  SenderBase  network 
provides  a  unique,  global 
view  of  email  traffic  pat¬ 
terns,  and  receives  more 
than  five  billion  queries 
per  day.  In  some  ways 
SenderBase  is  similar  to 
consumer  credit  rating  serv¬ 
ices,  monitoring  traffic  pat¬ 
terns  to  determine  the  trustworthiness  of  a  given  sender,  and 
looking  for  anomalies  that  would  indicate  fraud  or  a  virus 
outbreak.  IronPort  Systems  has  a  team  of  statisticians  that 
build  historical  models  of  “normal”  or  typical  traffic  patterns. 
Real  time  data  is  compared  to  the  historical  models  to  identify 
deviations  in  traffic  associated  with  a  virus  outbreak.  For 
example,  if  SenderBase  suddenly  detects  a  surge  in  new  IP 
addresses  sending  mail,  and  none  of  these  IP  addresses  accept 
mail,  and  they  all  seem  to  be  sending  password  protected  .ZIP 
files,  there  is  a  good  chance  this  traffic  pattern  has  highlighted 
a  virus  outbreak.  By  studying  SenderBase  patterns,  IronPort’s 
Virus  Outbreak  Filters  can  detect  and  defend  against  virus 
outbreaks.  This  early-warning  system  can  prevent  virus 
proliferation  and  avert  attacks  on  corporate  networks,  saving 
companies  the  high  cost  of  downtime  and  recovery. 

IronPort’s  Threat  Operations  Center 

SenderBase  statistical  data  is  displayed  in  IronPort’s  Threat 
Operations  Center  (TOC).  Technicians  in  the  TOC  review 
alerts  generated  by  the  statistical  models,  and  cross  correlate 
the  anomaly  with  other  data  sources.  When  a  TOC  technician 
is  determines  that  an  outbreak  may  be  occurring,  he  will  raise 
the  threat  level  for  messages  that  match  that  anomaly.  This 
signal  is  automatically  sent  to  the  IronPort  appliances,  which 
will  alert  local  administrators,  and  at  the  same  time  begin 
quarantining  suspicious  messages.  “Mail  does  not  get 
re-routed,”  says  IronPort’s  Tom  Gillis.  “Instead  the  quarantine 
is  local,  and  customers  can  configure  the  thresholds  for  each 
threat  level  (from  zero  to  five)  as  appropriate  to  their 
corporate  policies.” 

This  process  may  occur  anytime  a  threat  breaks  out —  say 
2:00am  on  a  Sunday.  Local  administrators  can  choose  to 


respond  to  the  alert  immediately,  but  most  often  the  admin 
team  will  wait  until  normal  operating  hours  to  examine  the 
threat  in  an  orderly  fashion.  The  IronPort  appliances  quaran¬ 
tine,  but  do  not  delete,  any  messages.  The  quarantine  has 
powerful  tools  that  allow  administrators  to  examine  the 
messages,  scan  them  with  the  latest  virus  definition  files,  and 
release  or  delete  individual  messages.  Certain  time  sensitive 

users  can  be  opted  out  of 
the  quarantining  process 
as  well.  Administrators  can 
rest  easy  knowing  that  sus¬ 
picious  mail  is  stopped  at 
the  door,  and  they  have 
effective  tools  to  examine 
and  manage  any  outbreak. 
Peter  Christy, 

co-founder  of  NetsEdge  Research,  an  Internet  infrastructure 
consulting  firm,  has  said  of  Virus  Outbreak  Filters,  “It’s  an 
important  step,  and  there’s  nothing  comparable.  Even  though 
all  the  virus-definition  companies  work  as  diligently  as 
possible  to  devise  filters  as  soon  as  viruses  are  seen,  there’s  a 
significant  time  lag  between  detection  and  the  availability  of 
a  virus  signature.” 

Available  Now 

Virus  Outbreak  Filter  technology  has  been  in  beta  test 
since  June,  2004  and  the  results  are  impressive.  Recently, 
EDS  was  able  to  get  a 
4-hour-and-48-minute 
lead-time  on  the  last 
outbreak  of  the  Bagel 

Virus  (Bagel  AI).  The  IronPort  C-Serles  Email  Security  Appliance 

same  technology  that  protects  global  leaders  like  Cisco 
and  EDS  is  now  available  in  an  affordable,  easy  to  use 
appliance  that  even  small  enterprises  should  consider. 

The  Virus  Outbreak  Filter  feature  is  part  of  the 
IronPort  C-Series  line  of  email  security  appliances.  Email 
borne  viruses  are  expected  to  get  worse.  Make  sure  your 
business-critical  email  can  survive  the  coming  storm. 

To  arrange  your  free  evaluation  of  the  IronPort  C-Series 
Email  Security  Appliance  with  Virus  Outbreak  Filters, 
call  650-989-6350  or  visit  www.ironport.com/contact 


“It’s  an  important  step,  and  there’s  nothing 
comparable.  Even  though  all  the  virus-definition 
companies  work  as  diligently  as  possible  to 
devise  filters  as  soon  as  viruses  are  seen,  there’s 
a  significant  time  lag  between  detection  and  the 
availability  of  a  virus  signature.” 

-PETER  CHRISTY 
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Cisco  rolls  out  branch  office  storage 


■  BY  DENI  CONNOR 

Cisco  last  week  rolled  out  storage  and 
caching  appliances  that  let  customers  bet¬ 
ter  manage  and  protect  data  in  remote 
offices. 

The  Cisco  File  Engine  Series  is  a  set  of 
appliances  the  company  acquired  from 
Actona  Technologies  in  August  that  enable 
file  server  consolidation,  file  sharing  and 
data  protection. 

The  Cisco  File  Engine  employs  a  technol¬ 
ogy  called  wide  area  file  services  (WAFS), 
which  overcomes  the  latency  of  file  trans¬ 
fers  over  WAN  connections,  Cisco  says.  For 
data  to  be  transmitted  from  a  branch  office 
to  a  data  center,  files  need  to  be  broken 
into  individual  packets,  and  application 
and  storage  systems  need  to  verify  that  the 
transmission  was  successful,  thus  adding 


unacceptable  latency  to  the  network. 

“[WAFS]  for  remote  offices  is  a  growing 
market  opportunity  —  if  you  want  to  save 
on  local  deployments  of  file  and  print 
servers  and  storage,  plus  associated  main¬ 
tenance  costs,  appliances  such  as  Cisco’s 
are  a  good  fit,”  says  Stephanie  Balaouras, 
senior  analyst  for  The  Yankee  Group. 

In  a  Cisco  File  Engine  implementation, an 
edge  appliance  is  located  in  each  branch 
office,  where  it  replaces  traditional  file  and 
print  servers  and  low-end  network- 
attached  storage  devices. 

The  appliance  caches  file  changes  and 
streams  them  in  real  time  to  a  core  appli¬ 
ance  in  the  data  center,  where  they  can  be 
saved  to  storage  subsystems  and  backed 
up  from  a  central  location.  Another  appli¬ 
ance,  the  WAFS  Central  Manager,  attaches 
to  a  network  router  and  provides  for  a 


remote  management  of  all  File  Engine 
appliances. 

Greg  Bosworth,  IT  manager  for  Water- 
town,  Mass.,  engineering  firmVanasse  Han- 
gen  Brustlin,  purchased  three  File  Engines 
from  Actona  to  use  in  the  company’s 
remote  offices. 

“We  continually  had  to  copy  data  from 
one  location  to  another  where  it  could  be 
worked  on.  With  the  File  Engine,  we  elimi¬ 
nate  that  problem  and  know  that  the  files 
we  are  looking  at  are  always  up  to  date,” 
Bosworth  says. 

Bosworth  evaluated  not  only  Cisco’s 
File  Engine  but  products  from  Tacit 
Networks.  He  has  recently  ordered  15 
more  File  Engines  for  the  remote  offices 
in  his  network. 

WAFS  technology  isn’t  being  proposed 
by  Cisco  alone.  Companies  such  as  Novell 


and  start-ups  Tacit  and  DiskSites  have 
appliances  that  use  the  technology  Novell 
and  DiskSites,  however,  rely  on  file  synchro¬ 
nization  rather  than  proxy  caching  and 
streaming;  Tacit  and  Cisco  deploy  proxy 
caching. 

The  Cisco  File  Engine  supports  Micro¬ 
soft’s  Common  Internet  File  System  and  the 
Unix/Linux  Network  File  System.  A  rack- 
mountable  lU-high  appliance,  the  File 
Engine  contains  two  40G-byte  Serial 
Advanced  Technology  Attachment  drives 
for  local  caching  of  files  and  two  10/100/ 
lOOOBase-T  Ethernet  ports  to  attach  to  the 
network. 

The  Cisco  File  Engine  Series  costs 
$12,000  per  appliance  and  a  license  to 
support  as  many  as  50  branch-office 
users.  Additional  50-user  license  packs 
cost  $4,500.  ■ 


User  group  to  reveal  model  for  IS  security  Mure 


Security  via  standards 

The  Network  Applications  Consortium,  a  group  of  end-user  companies,  has  identified 
a  number  of  standards  that  it  says  are  key  to  development  of  enterprise  security 
architectures  and  that  it  says  both  users  and  vendors  must  adopt. 


Standard 

Description 

Common  information  Model; 
CIM  Policy  Model 

A  conceptual  information  model  for  describing  management  and 
a  policy  language. 

Data  Center  Markup 

Language 

An  emerging  standard  for  describing  the  computing  environment 
to  be  managed. 

ISO/IEC  17799:2000: 

An  international  standard  for  information  security  management. 

Lightweight  Directory  Access 
Protocol 

The  standards-based  means  for  accessing  identity  authentication, 
and  authorization  data  and  related  policy  data. 

Security  Assertion  Markup 
Language 

Standard  for  communicating  identity,  attributes  and  authorization 
decisions. 

SNMP 

The  industry's  most  pervasive  management  standard. 

Web-8ased  Enterprise 
Management 

A  set  of  standard  technologies  to  unify  enterprise  computing 
management. 

WS-Policy 

An  emerging  standard  policy  in  a  Web  services  environment. 

X.509 

The  fundamental  public-key  infrastructure-based  technology  that 
is  critical  for  establishing  identities  and  secure,  trusted 
communications  between  components. 

Extensible  Authorization 
Control  Markup  Language 

Standard  way  to  specify  access  control  policy. 

■  BY  JOHN  FONTANA 

An  influential  user  group  is 
nearing  release  of  a  blueprint  for 
a  policy-based  security  architec¬ 
ture  it  hopes  will  become  an 
industry  model  for  securing  cor¬ 
porate  information  systems. 

The  Network  Applications  Con¬ 
sortium  (NAC),  which  includes 
major  IT  corporations  such  as 
Bechtel,  Boeing,  GlaxoSmithKline 
and  State  Farm  Insurance,  will 
publish  on  Jan.  1  the  results  of 
more  than  a  year’s  worth  of  work 
in  a  document  titled  “Enterprise 
Security  Architecture:  A  Frame¬ 
work  and  Template  for  Policy- 
Driven  Security’ 

“We  have  an  industry  reference 
document  that  brings  together 
aspects  of  security  architecture 
that  have  never  been  directly 
linked  together  in  one  docu¬ 
ment,”  says  Fred  Wettling,  chair¬ 
man  of  the  NAC  and  infrastruc¬ 
ture  architect  for  Bechtel,  a  global 
engineering,  construction  and 
project  management  firm.  “This 
ties,  from  stem  to  stern,  gover¬ 
nance  down  to  operations  along 
with  a  road  map  of  where  to  go  in 
the  future.  As  far  as  a  reference 
model,  this  is  the  first  of  its  kind 
for  policy-driven  security’ 

The  121-page  Enterprise  Secu¬ 
rity  Architecture  (ESA)  docu¬ 
ment  describes  the  policy,  techni¬ 
cal  and  operational  models  com¬ 
panies  should  adopt  in  tailoring  a 
security  architecture.  The  archi¬ 
tecture  is  based  on  a  set  of  poli¬ 
cies  that  use  templates  for  policy 
creation  from  the  National 


Institute  of  Standards  and  Tech¬ 
nology  and  International  Orga¬ 
nization  for  Standards  that  can  be 
represented  electronically  stored 
on  a  network  and  used  to  exe¬ 
cute  and  enforce  policy 
The  goal  is  to  create  a  link 
between  the  definition,  imple¬ 
mentation  and  enforcement  of 
security  policies  and  the  physical 
security  components  of  a  net¬ 
work.  Eventually,  the  policies  for 
each  will  be  automated  across 
the  physical  network. 


The  NAC  —  whose  members 
represent  combined  revenues  of 
more  than  $750  billion  —  is  work¬ 
ing  with  industry  groups  such  as 
the  Distributed  Management  Task 
Force  (DMTF)  and  the  Open 
Group,  as  well  as  vendors  such  as 
Cisco  and  Microsoft,  to  foster 
awareness  and  further  refine¬ 
ment  of  the  security  architecture 
plan. 

“You  can’t  just  buy  a  security 
product  that  is  a  quick  fix  to 
secure  interconnected  networks 


and  distributed  applications.  You 
have  to  build  that  into  the  secur¬ 
ity  products  you  have:  That  is 
architecture,”  says  Daniel  Blum, 
an  analyst  with  Burton  Group.  He 
also  says  policy  is  a  difficult  prob¬ 
lem  with  all  the  layers  of  security 
such  as  server  and  desktop  fire¬ 
walls  and  VPNs.  “You  have  to  dis¬ 
tribute  policy  enforcement  to 
those  endpoints  because  that  is 
where  the  threats  are,  but  you 
have  to  centralize  the  decision 
making.  That  is  why  you  need 


common  policies  and  policy  lan¬ 
guages.” 

NAC  officials  say  they  spent  the 
past  eight  months  updating  an 
April  draft  of  ESA  to  add  a  de¬ 
tailed  description  of  the  needs 
and  interdependencies  for  secu¬ 
rity  operations  such  as  compli¬ 
ance,  asset,  vulnerability,  event 
and  incident  management.  The 
NAC  also  added  a  model  that 
describes  automated  policy  cre¬ 
ation  from  a  set  of  business  re¬ 
quirements,  such  as  Health  Insur¬ 
ance  Portability  and  Account¬ 
ability  Act  compliance,  and  the 
implementation  and  enforce¬ 
ment  of  those  policies. 

However,  the  NAC  acknowl¬ 
edges  it’s  a  process  that  requires  a 
level  of  integration  that  can’t  be 
supported  with  today’s  technol¬ 
ogy  and  standards. 

In  the  interim,  the  ESA  docu¬ 
ment  lays  out  a  road  map  of  steps 
companies  can  take  to  move 
toward  a  more  policy-driven 
security  architecture,  including 
creating  or  formalizing  policies, 
devising  naming  conventions  for 
users  and  machines,  cleaning  up 
identity  data,  and  supporting  a 
range  of  standards  (see  graphic). 

“One  of  the  things  we  decided 
to  do  is  that  we  will  maintain  the 
policy  automation  model  and  the 
road  map  independently  so  we 
can  evolve  that  and  make  it  more 
real  as  we  work  with  the  DMTF 
and  others,”  says  Harold  Albrecht, 
the  ESA  project  manager  and 
technical  writer.  “Some  of  the 
things  in  there  will  change,  per¬ 
haps  significantly’  ■ 
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continued  from  page  1 

bankers  and  [mergers  and  acquisitions] 
boutiques  saying  ‘Hey  this  is  why  this 
makes  sense  to  you.’  Company  boards  start 
meeting  and  saying,  How  do  we  react  to 
this?’  It  becomes  a  herd  mentality’ 

The  industry  is  ready  for  pruning. 

“Consolidation  in  the  IT  industry  has 
been  threatened  for  a  long  time  and  is 
finally  happening  because  overall  market 
forces,  cash  reserves  and  the  threat  of  rising 
valuation  have  come  together  —  there  is  a 
lot  of  cash  laying  around  which  compa¬ 
nies  accumulated  during  really  tough 
times,”  says  Rich  Ptak,  a  principal  at  Ptak, 
Noel  &  Associates. 

For  example,  HP  has  $14.3  billion  in  cash 
and  short-term  investments.  “Stockholders 
will  tolerate  all  that  cash  generating  inter¬ 
est,  but  not  stock  value  or  dividends,  for 
only  so  long,”  Ptak  says. 

Vendors  are  trying  to  beef  up  their  port¬ 
folios  while  bargains  remain,  he  says. 

“From  the  buyers’  perspective,  the  funda¬ 
mentals  have  been  shoring  up,”  says  Jeff 
Fagnan,  a  partner  at  venture  capital  firm 
Atlas  Venture.  “Businesses  have  more  cash, 
stock  prices  have  been  going  up.  That 
might  be  driving  companies  to  try  to  lock 
in  some  gains  by  using  shares  and  cash  to 
buy  companies.” 

Companies  consider  selling  now 
because  they  are  healthier  and  can  com¬ 
mand  a  better  price,  Fagnan  says.  “Sellers 
have  been  seeing  their  businesses  improve. 
Now  is  a  much  better  time  to  sell  than  a 
year  or  a  year  and  a  half  ago,”  he  says. 

Symantec  is  a  good  example  of  a  vendor 
with  strong  customer  and  channel  rela¬ 
tionships  taking  an  opportunity  to  expand 
its  business.  “Symantec  has  the  relation¬ 
ships  with  customers;  customers  trust 
them,  they’re  already  in  there  selling,  why 
not  add  one  more  thing?”  Fagnan  says. 

Symantec’s  plans  to  acquire  storage  ven¬ 
dor  Veritas  for  $13.5  billion  would  make  it 
the  largest  supplier  of  back-up,  recovery 
and  archiving  software. 


Symantec,  whose  consumer  anti-virus 
sales  have  funded  its  push  into  the  corpo¬ 
rate  market  for  some  time,  “is  re-inventing 
itself  into  a  major  enterprise  security  man¬ 
agement  vendor  with  acquisitions  and  a 
new  marketing  theme,  but  they  have  some 
gaps,” says  Steve  Hunt,  research  director  for 
security  at  Forrester  Research. 

“Veritas  is  a  successful  back-up  and 
archiving  vendor  looking  for  a  way  to  pen¬ 
etrate  the  security  market,  which  has  grow¬ 
ing  needs  for  such  software,”  Hunt  says. 

Many  other  IT  vendors  sealed  smaller 
deals  last  week.  3Com  announced  plans  to 
acquire  TippingPoint  Technologies,  a  maker 
of  intrusion-prevention  systems,  for  about 
$430  million  in  stock. 

Meanwhile,  Microsoft  acquired  anti-spy¬ 
ware  vendor  Giant  Company  Software, 
Avaya  picked  up  WAN  monitoring  vendor 
RouteScience  Technologies,  Concord 
Communications  snared  Vitel  Software, 
and  mainframe  integration  vendor  Neon 
Systems  grabbed  rival  ClientSoft. 

One  possibility  for  the  sudden  conflu¬ 
ence  of  technology  mergers  is  companies 
were  waiting  for  the  results  of  the  presi¬ 
dential  election  before  showing  their 
hand,  Fagnan  says. 

In  addition,  slow  growth  prospects  — 
AMR  is  forecasting  6%  growth  in  the  enter¬ 
prise  applications  market  through  2008  — 
are  driving  some  deals,  AMR’s  Richardson 
says.  Oracle’s  bid  for  PeopleSoft  is  one 
example.“What  these  guys  are  doing  is  buy¬ 
ing  each  other’s  customers  and  trying  to 
live  off  the  maintenance  revenue,  with 
some  cross-selling  and  up-selling,”  he  says. 

Increasing  threats  from  abroad  are  anoth¬ 
er  issue,  Richardson  says.“Next  year  for  the 
first  time  the  amount  of  money  paid  to  the 
Indian  offshoring  firms  will  exceed  license 
revenues,”  he  says.  Oracle  and  PeopleSoft 
face  a  lot  more  competition  from  custom 
software  and  services  being  developed  by 
overseas  firms  such  as  Wipro,  Tata  and 
Infosys,  he  says. 

With  PfeopleSoft’s  business  on  its  side, 
Oracle  stands  to  become  the  second- 
largest  supplier  of  business  applications, 


after  SAPIt  still  needs  to  bulk  up  if  it  wants 
to  stay  competitive  with  Microsoft  and  IBM 
in  the  larger  infrastructure  market.  Expect 
more  buys  from  Oracle  —  which  has  said 
BEA  Systems  is  on  its  radar,  Fagnan  says. 

Competition  is  a  driver  for  the  Symantec/ 
Veritas  deal,  says  Stephanie  Balaouras,  a 
senior  analyst  with  The  Yankee  Group. “Veri¬ 
tas  is  under  increasing  competition  from 
EMC  and  some  of  its  traditional  partners 
like  Oracle  or  Microsoft,  who  are  now  be¬ 
coming  their  competitors,”  she  says.  Sym¬ 
antec  has  software  that  can  go  after  the  low 
end  of  back-up  and  server  management 
market.  The  acquisition  and  combined 
technologies  will  let  Symantec  hit  a  couple 
of  different  market  segments,  she  says. 

Sprint  and  Nextel’s  pending  union  is 
largely  about  brawn.The  parties  are  calling 
the  deal  a  “merger  of  equals,”  wherein 
shareholders  from  each  company  will  own 
about  50%  of  the  new  entity  which  will  be 
called  Sprint  Nextel. 

The  merger  will  create  a  more  powerful 
No.  3  wireless  service  provider  in  the  U.S., 
with  Sprint/Nextel  holding  about  38.5  mil¬ 
lion  subscribers.  Individually  Sprint  is  the 
third-largest  wireless  service  provider,  with 

23.3  million  customers.  Nextel  is  fifth,  with 

15.3  million  mobile  customers. 

Sprint  needed  to  bulk  up  to  stay  compet- 
itive.“Cingular  and  Verizon  are  just  so  huge. 
Sprint  probably  felt  like  it  had  to  do  some 
thing,”  Fagnan  says,  adding  that  concerns 
that  Verizon  Wireless  was  interested  in 
Nextel  also  might  have  pushed  Sprint  to 
make  a  move. 

As  part  of  the  proposed  deal,  Sprint  will 
spin  off  its  independent  local  telephone 
business.That’s  its  heritage:  Sprint  began  in 
1899  as  Brown  Telephone,  a  local  service 
provider,  before  launching  its  interex¬ 
change  carrier  (IXC)  business  in  the  1980s 
and  its  wireless  business  in  1995. 

This  represents  a  shift  of  sorts  in  telecom, 
says  Keith  Waryas,  a  research  manager  at 
IDC.When  the  two  companies  merge, it  will 
be  the  first  time  that  a  wireless  service  pro¬ 
vider  owns  an  IXC,  Waryas  says.  In  the  past, 
landline  service  providers  —  with  the 


majority  of  their  revenues  coming  from 
voice  and  data  services  —  owned  wireless 
service  providers. 

Users  have  mixed  feelings  about  the 
spate  of  acquisitions.  On  one  hand,  ven¬ 
dor  consolidation  can  support  users’ 
efforts  to  consolidate  suppliers  and  limit 
complexity 

“I’m  always  in  favor  of  ‘partnerships’  that 
give  me  single-source  solutions,”  says  Jim 
Miskovsky  director  of  IT  for  Fisher  &  Phil¬ 
lips,  a  law  firm  in  Atlanta.“I  suspect  we’ll  see 
other  similar  mergers  in  2005  as  compa¬ 
nies  try  to  better  align  and  leverage  their 
strengths  to  gain  market  share.” 

But  deals  such  as  the  Symantec/Veritas 
merger  raise  questions  as  well. 

“We  have  some  questions  about  support 
and  licensing  that  Veritas  has  not  ad¬ 
dressed,”  says  David  Bucciero,  director  of 
systems  services  at  Dartmouth  College  in 
Hanover,  N.H. 

“While  we  have  some  time  to  work  out 
those  issues,  we  do  want  to  know  how  that 
comes  together  —  are  they  really  going  to 
centralize  support,  because  that  is  very  im¬ 
portant  to  us,”  says  Bucciero,  who  has  Sym¬ 
antec  anti-virus  software  and  Veritas’  Net- 
Backup  products.“From  a  budgetary  point 
of  view,  how  is  the  company  going  to  oper¬ 
ate  and  how  is  their  licensing  going  to 
change?”  he  adds. 

It  will  take  a  while  for  all  the  questions  to 
be  answered.  In  the  meantime,  analysts 
expect  consolidation  to  continue. 

Fagnan  is  interested  to  see  the  response 
from  all  these  companies’  competitors  — 
some  of  which  might  be  enticed  into 
acquisitions  of  their  own  early  next  year. 

Along  with  BEA,  software  vendors  such 
as  Siebel  Systems,  Lawson  Software  and 
Hyperion  are  among  possible  targets,  ana¬ 
lysts  say 

“This  has  to  be  sort  of  a  golden  age  for  all 
of  the  M&A  boutiques,”  Richardson  says.“It 
must  be  a  bit  like  Sotheby’s,  with  everyone 
racing  around  putting  price  tags  on  every¬ 
thing,  seeing  if  they  can  get  some  stuff  into 
auction, seeing  who  they  can  get  to  bid.  Or 
maybe  more  like  a  tag  sale.”* 


A  week  to  remember 


Symantec/Veritas,  Sprint/Nextel  and  Oracle/PeopleSoft  stole  the  show  last  week,  but  that  didn’t  stop  a  slew  of  other  vendors  from  inking  deals  of  their  own. 


Company 

Acquisition 

Value 

Announced 

Status 

Significance 

Symantec 

Veritas  Software 

$13.5  billion 

Dec.  16 

Expected  to  close  in  the 
second  quarter  of  2005. 

Makes  security  player  Symantec  the  largest  supplier  of  back-up, 
recovery  and  archiving  software. 

Sprint 

Nextel 

Communications 

$35  billion 

Dec.  13 

Expected  to  close  in  nine  to 

12  months. 

Combination  would  create  a  powerful  No.  3  competitor  in  the 
wireless  service  provider  market. 

Oracle 

PeopleSoft 

$10.3  billion 

Dec.  13 

Expected  to  close  in  Jan. 

Oracle  gains  customers  -  needed  to  compete  against  SAP. 

3Com 

TippingPoint 

$430  million 

Dec.  13 

Expected  to  close  in  Feb. 

3Com  gains  intrusion-prevention  products. 

Siebel 

edocs 

$15  million 

Dec.  17 

Expected  to  close  Q1. 

Gives  Siebel  an  entry  into  the  electronic  billing  market. 

Microsoft 

Giant  Company 
Software 

$10.5  million  and 
stock  rights 

Dec.  16 

Complete 

Microsoft  gains  anti-spyware  technology. 

Neon  Systems 

ClientSoft 

$4  million 

Dec.  13 

Complete 

Combines  the  assets  of  two  mainframe  integration  vendors. 

Concord 

Communications 

Vitel  Software 

Undisclosed 

Dec.  15 

Expected  to  close  by  end  of 
January. 

Network  performance  management  software  vendor  Concord  gains 
Vitel’s  legacy  and  IP  PBX  network  traffic  management  technologies. 

Avaya 

RouteScience 

Technologies 

Undisclosed 

Dec.  15 

Complete 

Avaya  gains  RouteScience’s  technology  for  monitoring  and 
provisioning  WAN  connections. 
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Sizing  up  the  Sprint/Nextel  deal 


■  BY  DENISE  PAPPALARDO 

The  $35  billion  Sprint/Nextel 
Communications  merger  an¬ 
nounced  last  week  answers  a  lot 
of  questions  for  those  who  won¬ 
dered  when  further  consolida¬ 
tion  of  the  wireless  service  mar¬ 
ket  would  happen.The  formation 
of  the  third-largest  wireless  pro¬ 
vider  (behind  Cingular  Wireless 
and  Verizon  Wireless)  also  raises 
a  new  set  of  questions,  which  we 
take  a  whack  at  here: 

Why  would  Sprint  want  to  merge  with 
NextelP 

Nextel,  despite  the  fact  that  it 
has  a  proprietary  network  based 
on  Motorola’s  iDEN  technology  is 
highly  valued  for  a  few  reasons: 
its  annual  revenue  per  subscrib¬ 
er  (ARPU),  its  low  churn  rates 
and  its  high  concentration  of 
business  customers. 

What's  the  big  deal  about  ARPU? 

This  figure  represents  how 
much  customers  spend  with 
their  wireless  service  providers, 
and  Nextel  always  has  led  the 
pack.  In  the  third  quarter,  Nextel 
reported  that  its  ARPU  was  $69. 
Sprint’s  was  $63, Verizon  Wireless’ 
was  $5 1.58,  and  Cingular’s  was 
$49.78.  Nextel  has  been  able  to 
nab  a  nearly  $20  premium  per 
user  vs.  Cingular  primarily 
because  of  its  high  ratio  of  busi¬ 
ness  to  consumer  customers 
(80%  vs.  20%).  Business  users 
tend  to  spend  more  for  features, 
applications  and  reliability 

What  about  chum  rate? 

Nextel  also  has  the  lowest 
churn,  which  represents  the  per¬ 
centage  of  users  who  leave  their 
carrier  per  quarter.  Nextel’s  rate 
in  the  third  quarter  was  1.5%. 
Verizon  was  a  close  second, 
with  1.7%,  with  Sprint  and 
Cingular  picking  up  the  rear 
with  churn  rates  of  2.7%  and 
2.8%  respectively  Churn  is  a  key 
metric  used  to  gauge  customer 
satisfaction. 

What  does  this  mean  to  Sprint  cus¬ 
tomers? 

Sprint  is  merging  with  a  com¬ 
pany  that  has  a  lot  of  experience 
with  business  users  and  likely 
will  take  a  page  from  Nextel’s 
book.  Nextel  has  more  than  10 
years  of  experience  in  dealing 
with  business  users  in  specific 
vertical  markets  offering  applica¬ 
tions  and  services  that  meet  their 
needs.  Sprint  and  other  wireless 


providers  have  been  accused  of 
simply  taking  consumer  offerings 
and  repackaging  them  for  busi¬ 
ness  users. 

What  do  Nextel  customers  get? 

Sprint  is  deploying  high-speed 
3G  gear  based  on  Evolution-Data 
Only  (EV-DO)  over  its  Code  Divi¬ 
sion  Multiple  Access  (CDMA)  net¬ 
work.  It  says  the  upgrade  will  be 
complete  by  late  2006  or  early 
2007. Verizon  Wireless  is  adopting 
EV-DO.  Meanwhile,  Motorola  is 
working  on  a  gateway  and  dual¬ 
mode  iDEN/CDMA  phones  that 
would  support  Nextel  and  Sprint 
customers  on  each  service 
provider’s  network. 


So  does  iDEN  go  away? 

Yes,  eventually  Nextel  says  it 
will  continue  to  invest  in  its  iDEN 
network  through  2007,  until  its 
customers’  voice  traffic  can  be 
supported  over  Sprint’s  network. 
But  Nextel  says  it  might  use  the 
network  after  2007  to  support  its 
push-to-talk  service,  which  is  far 
more  mature  than  Sprint’s. 

What  about  Sprint's  traditional  land¬ 
line  business? 

Sprint  says  it  will  spin  off  its 
local  division  post  merger.  Al¬ 
though  there  wasn’t  much  talk 
about  its  traditional  interexchan- 
age  carrier  (IXC)  business  last 
week,  Sprint  says  it  will  continue 


to  offer  enterprise  users  voice, 
data  and  IP  services.“It  would  be 
a  big  strategic  mistake  to  de- 
emphasize  its  IXC  business,”  says 
Lisa  Pierce,  a  senior  analyst  at 
Forrester  Research.  Sprint  needs 
to  reassure  customers  that  it  will 
continue  to  make  its  landline 
business  a  priority  she  says. 

Things  sound  pretty  rosy.  What  is 
Sprint/Nextel  lacking? 

International  coverage.  Analysts 
agree  Sprint/Nextel  will  not  be 
the  first  choice  of  business  users 
who  frequently  travel  abroad. 
AT&T  Wireless,  now  owned  by 
Cingular,  has  extensive  roaming 
agreements  overseas.T-Mobile 


owns  T-Mobile  Germany  and 
offers  far-reaching  international 
coverage. 

Are  there  overall  industry  benefits 
for  all  wireless  users? 

Bob  Egan,  president  of  consul¬ 
tancy  Mobile  Competency  says 
yes.“Business  users  can  expect 
wireless  data  prices  to  collapse," 
he  says.Today  users  pay  about 
$70  for  1G  byte  of  wireless  data 
per  month.  Egan  says  he  expects 
that  monthly  price  to  drop  to 
about  $35.  He  says  business  users 
can  expect  Verizon  Wireless  and 
Cingular  to  fight  aggressively  for 
their  contracts  before  the  Sprint- 
Nextel  deal  is  final.  ■ 


Nortel  working  on  new  security  routers 


Who  needs  firewalls? 

Network  hardware  vendors  are  building  security  features  into  many  devices  that  once 
only  passed  packets.  .  r  • 


Q  Routers  and  switches  are  getting  ©  Data  center  switches  and  appliances  ©  Backbone  switches  can  filter 

features  that  filter  and  block  rate-limit  or  stop  denial-of-service  malicious  traffic  or  protect  the 

traffic  if  end-user  PCs  are  unsafe.  (DoS)  traffic  targeted  at  Web  servers.  devices  themselves  from  attackers. 

_ _ _ 


■  BY  TIM  GREENE  AND 
PHIL  HOCHMUTH 

Nortel  is  working  on  security 
routers  for  businesses  looking  to 
move  away  from  dedicated, 
stand-alone  security  hardware  to 
software  and  hardware  combina¬ 
tions  incorporated  in  switches, 
routers  and  even  desktops. 

3Com  and  others  have  similar 
plans,  making  2005  a  key  year  in 
the  migration  toward  switching 
and  routing  devices  securing  net¬ 
works  and  content. 

Nortel  is  expected  next  year  to 
roll  out  two  core  routers  for  busi¬ 
ness  networks  that  will  incorpo¬ 
rate  security  applications.  Code- 
named  Dolphin  and  Triton,  the 
routers  will  include  support  for 
VPNs,  firewalls  and  intrusion  de¬ 
tection,  sources  say 

Nortel  says  it  isn’t  ready  to  release  details  of 
the  new  gear,  but  it  has  a  number  of  new 
branch  and  regional  routing  platforms  in  field 
evaluation.  These  are  scheduled  to  be  avail¬ 
able  in  mid-2005,  the  company  says. 

These  product  additions  come  after  Nortel 
announced  intrusion-detection  and  -preven¬ 
tion  gear  (see  www.nwfusion.com,  DocFinder: 
5137)  that  integrates  with  its  switch/firewall 
offerings  to  block  perceived  threats,  and  an 
alliance  with  Symantec  (DocFinder:  5138)  to 
provide  threat  signatures  to  Nortel  switches 
that  block  malicious  traffic. 

“Every  router  and  switch  will  eventually  dou¬ 
ble  as  a  kind  of  firewall  or  a  filtering  device  at 
the  very  least,”  says  Jon  Oltsik,  a  senior  analyst 
with  Enterprise  Strategy  Group.“From  a  securi¬ 
ty  perspective,  that  means  network  devices 
become  enforcement  points.  Today’s  routers 
and  switches  already  perform  some  [filtering] 
tasks,  with  [access  control  lists]  and  basic 
packet  filtering.”  Earlier  this  year,  networking 


vendors  Alcatel,  Cisco  and  Enterasys  Networks 
made  similar  announcements. 

This  means  vendors  will  revamp  their  prod¬ 
uct  lines  to  integrate  security  says  Zeus  Kerra- 
vala.vice  president  of  enterprise  infrastructure 
for  The  Yankee  Group.  “There’s  not  a  lot  new 
you  can  do  with  routing  and  switching  alone 
anymore. Those  who  don’t  [incorporate  secu¬ 
rity  in  routers  and  switches]  face  extinction.” 

Along  these  lines,  3Com  last  week  acquired 
intrusion-prevention  system  vendor  Tipping- 
Fbint  Technologies,  with  plans  to  integrate  the 
company’s  wire-speed  traffic  filtering  capabil¬ 
ities  into  blades  for  3Com  switches  and  rout¬ 
ers  over  the  next  year  (see  story  page  17). 

Another  ongoing  effort  comes  at  security 
from  the  desktop,  making  sure  individual 
machines  meet  security  standards  before  they 
can  send  traffic  on  the  network.  F5  Networks 
and  Nortel  last  week  announced  they  have 
joined  Cisco,  Extreme  Networks,  Juniper  and 
others  working  with  Microsoft  to  support  the 


software  giant’s  Network  Access  Protection 
(NAP)  architecture.  NAP  is  designed  to  create 
a  broad  security  infrastructure  that  embraces 
servers, switches, routers  and  desktops. As  NAP 
is  gathering  a  long  list  of  partners,  Microsoft  is 
preparing  its  first  release  for  next  year. 

F5  plans  to  integrate  NAP  technology  into  its 
FirePass  Controller,  an  SSL  VPN  product,  allow¬ 
ing  the  device  to  admit,  deny  or  quarantine 
traffic  from  end-user  laptops  and  PCs.  In  an 
integrated  Microsoft/F5  network  the  Microsoft 
NAP  architecture  would  test  client  machines 
to  ensure  operating  system  and  anti-virus  soft¬ 
ware  are  up  to  date.  An  authentication  server 
then  would  tell  an  F5  FirePass  Controller  to 
allow  the  user  access,  block  access  or  send 
the  user  to  a  secure  LAN  segment  where  the 
latest  operating  system  and  anti-virus  software 
can  be  downloaded. 

Network  World  Service  Providers  Managing 
Editor  Jim  Duffy  contributed  to  this  story. 
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Bank  of  America’s  ‘higher  standards'  for  VoIP 

If  any  corporation  is  ready  for  VoIP,  its  Bank  of  America.  The  bank  has 
spent  three  years  building  an  all-optical,  multigigabit  WAN  backbone  with 
Broadwing  and  Sprint,  and  upgrading  its  LAN  switches  to  support  QoS  and 
in-line  power.  Now  the  company  plans  to  deploy  180,000  Cisco  IP  tele¬ 
phones  and  replace  363  PBXs  across  5,000  branches  with  centralized  IP 
PBXs,  with  the  help  of  Electronic  Data  Systems.  Steve  Venezia,  managing 
director  of  the  network  computing  group  and  network  services  at  Bank  of 
America,  spoke  recently  with  Network  World  Senior  Editor  Phil  Hochmuth. 
Here  is  an  edited  transcript: 


What  will  be  the  big  payoff  with  VoIP? 

We  have  done  projections,  but  I  don’t 
want  to  get  into  the  dollar  amounts. The 
key  is  to  give  the  business  the  opportunity 
to  utilize  technology  on  a  fully  converged 
network.  With  all-data  endpoints  [PCs  and 
phones] ,  there  are  vast  capabilities  that  are 
possible  for  improving  productivity  with 
new  applications.  I’ve  been  going  out  to  the 
businesses  and  talking  about  what  the  pos¬ 
sibilities  are  for  how  this  network  will  be 
used.  It  will  really  be  their  decision. 


Secondly  cost  is  a  factor. The  operational 
cost  savings  are  there  with  VoIPThe  voice 
world  has  always  been  complex  and  harder 
to  manage  than  the  data  world.  Convergence 
gives  us  the  ability  to  look  at  our  whole  tech¬ 
nology  entity.  It  will  let  us  be  more  predictive 
of  failures  and  other  network  events,  which 
gives  us  the  ability  to  keep  system  availability 
at  a  certain  level. 

Why  Cisco? 

We  have  a  huge  outsourcing  agreement 
with  EDS.  EDS  and  our  architecture  group 
came  up  with  some  stringent  and  thorough 
metrics  for  the  decision-making  processes; 
we  looked  at  it  from  the  angles  of  security 
and  products  themselves  to  the  financial  via¬ 
bility  and  technical  support  offerings  of  the 
vendor.  Everything  got  weighted  out, and 
Cisco  was  the  choice.  We’re  being  careful 


about  how  we’re  going  through  our  proof-of- 
concept  and  pilots  sites  right  now.  By  the  end 
of  this  year  or  early  next  year,  we’ll  look  at  the 
results.The  answer  will  be  binary  —  either 
yes  or  no,  as  to  whether  we’re  going  ahead. 

So  there  is  a  chance  you'll  scrap  the  whole  VoIP 
plan? 

1  wouldn’t  say  there  is  a  strong  chance 
that  it  won’t  go  forward.  We’ve  had  very  few 
setbacks. 


How  are  you  conducting  your  pilots? 

We’re  in  the  back-office,  branch  facilities 
and  high-end  office  space. There  are  about 
1,000  IP  phones,  and  it  will  be  about  1,500 
when  the  pilots  are  completed.  We ’re  doing 
different  scenarios  of  the  various  types  of 
sites  we’ll  deploy  We’ll  have  a  model  for  each 
of  the  areas  we’ll  be  rolling  out,  not  that  it’s 
cookie  cutter. 

It’s  a  really  collaborative  effort  among  Cisco, 
EDS  and  ourselves.  My  architecture  team  is 
driving  the  technology  and  how  we’re 
approaching  it.The  mitigation  of  any  issues  is 
driven  by  my  team  through  EDS  and  Cisco. 

How  do  you  feel  about  the  fact  that  Dow  Chemical 
hired  EDS  in  2001  for  an  equally  ambitious  VoIP 
project  which  didn't  work  out?  They  switched  inte¬ 
grators  and  are  now  basically  starting  over. 

Dow  outsourced  to  EDS,  but  [EDS]  didn’t 


know  [Dow’s]  customer  base.  I  knew  we  had 
to  do  this  in  incremental  steps,  which  we  are 
doing. We  have  risk  mitigation,  in  terms  of 
each  step  we  go  through.  We  won’t  go  ahead 
until  this  testing  and  proof  of  concept  are 
checked  off  on  all  criteria. 

Dow  made  a  couple  of  significant  failures; 
they  went  for  the  whole  ball  of  wax.  Plus,  the 
technology  was  not  as  mature  as  it  is  today 
Other  folks  who  either  had  difficulty  or  failed 
with  VoIP  either  tried  to  boil  the  ocean  them¬ 
selves  or  just  gave  all  the  project  manage¬ 
ment  to  their  outsourcer. These  are  usually 
not  the  wisest  things  to  do. 

Merrill  Lynch  has  said  that  pure  VoIP  was  too 
risky  because  of  worms  and  other  attacks  that 
flooded  their  network  and  choked  VoIP  traffic. 
Does  the  fact  that  they  pulled  back  from  Cisco's 
VoIP  technology  worry  you? 

The  key  thing  regarding  that  type  of  con¬ 
cern  is  QoS.  Let’s  say  there  is  a  denial-of-ser- 
vice  attack  or  virus;  QoS  lets  us  carve  out  a 
piece  of  bandwidth  to  keep  our  voice  sys¬ 
tems  functioning,  even  if  the  pipes  carrying 
e-mail  or  other  application  data  are  saturated. 
That’s  about  as  deep  as  I  want  to  get  into 
what  we’re  doing  with  technology  to  secure 
voice. 

But  I  do  think  security  has  come  a  long  way 
with  VoIP  When  I  talked  about  all  our  deci¬ 
sion-making  criteria  in  the  beginning,  security 
was  a  huge  piece  of  it.  Our  information  secu¬ 
rity  group  has  really  been  joined  at  the  hip 
with  us  all  the  way  through  this  project. 

Another  issue  is  that  we’re  not  traversing 
the  Internet  with  VoIP  Maybe  in  the 
future  we’ll  look  at  that,  through  VPNs 
or  other  technologies,  but  right  now 
VoIP  is  self-contained  within  the 
bank’s  network. 

Was  the  data  network  upgraded  before 
the  decision  to  go  with  VoIP? 

We  had  to  get  our  network  ready 
first,  which  we  were  doing  regardless 
ofVoIPBut  we’re  going  to  take  full 
advantage  of  the  high  capacity  we 
have  on  our  optical  network  and 
really  start  traversing  our  backbone. 

We  had  a  huge  effort  of  transforma¬ 
tion  so  that  it’s  only  one  hop  to  our 
optical  network  from  any  facility  That 
has  just  about  been  completed,  with 
a  refresh  of  just  about  all  of  our  switches  and 
routers.  It  was  important  to  have  standardiza¬ 
tion  across  the  board  in  terms  of  product 
types,  [10S]  software  versions,  and  to  have  in¬ 
line  power  in  place  for  the  phones.  It  is  also 
in  our  EDS  contract  to  have  a  refresh  cycle 
up  to  date  on  an  ongoing  basis. 

Was  the  optical  backbone  built  with  convergence 
in  mind? 

Having  our  data  and  voice  networks  con¬ 
verge  wasn’t  really  on  the  forefront  when  we 
started  doing  that.  But  because  of  the  overall 
direction  of  where  the  bank  was  going, 
because  we  have  so  many  locations  across 
the  country  optical  made  the  most  sense. 

For  the  expansion  we’re  doing  [related  to 
Bank  of  America’s  $47  billion  buyout  of  Fleet 
last  year] ,  having  the  optical  network  is  a 

See  Bank  of  America,  page  49 
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Aquarium 

continued  from  page  1 

That’s  life  on  the  job  for  Marc 
Talavera,  assistant  IT  director  at 
Chicago’s  world-renowned 
Shedd  Aquarium. Talavera  has 
his  fair  share  of  humans  to  sup¬ 
port,  but  really,  he  says, “it’s  all 
about  the  animals.” 

No  doubt  a  beluga  would 
weigh  heavy  on  one’s  mind;  six 
even  more  so.  That’s  how  many 
belugas  live  in  the  Shedd’s 
Oceanarium,  a  re-creation  of  the 
Pacific  Northwest  coast  home  to 
dolphins,  sea  otters,  seals  and 
other  creatures  native  to  that 
environment. With  3  million  gal¬ 
lons  of  salt  water,  the  Oceanar¬ 
ium  is  the  world’s  largest  indoor 
marine  mammal  pavilion  and  a 
draw  for  tourists  the  world  over. 

Tourists  also  flock  to  the 
Shedd’s  newest  exhibit  —  the 
10-room,  31-habitat  Wild  Reef  — 
for  a  diver’s-eye  view  of  a  Philip¬ 


pine  coral  reef.  There  the  big 
attraction  is  the  sharks  — 
nearly  30  zebras,  blacktip  and 
whitetip  reefs,  Japanese  wobbe- 
gongs  and  sandbars  slicing 
through  looming  coral  reefs  and 
schools  of  brightly  colored  fish 
in  search  of  prey 
Unfortunately,  the  fish  aren’t 
the  Shedd’s  only  attraction  and 
the  sharks  the  most  worrisome 
predators.  As  a  nonprofit,  the 
Shedd  is  like  fresh  bait  to  hack¬ 
ers,  Talavera  says. 

“Generally  speaking,  because 
not-for-profits  usually  don’t  have 
a  whole  lot  of  money  to  secure 
their  environments,  what  winds 
up  happening  is  they  become 
easy  targets,”  he  says.“So  you  get 
people  trying  to  use  exploits  on 
such  organizations  because 
they  don’t  think  they’ll  have  a 
secured  environment  or  one 
with  multiple  layers  of  security’ 
Indeed,  they  often  don’t. When 
Talavera  came  to  the  Shedd 


Maintaining  network  security  is  no  day  at  the  beach  for  IT  professionals  at 
Chicago's  Shedd  Aquarium. 


three  and  a  half  years  ago 
(along  with  the  current  IT  direc¬ 
tor),  security  stood  out  as  a 
major  issue.“We  had  a  lot  of 
problems  with  Internet  attacks 
and  hack  attempts  on  our  sys¬ 
tems,”  says  Talavera,  adding  that 


Avaya  messaging  server 
integrates  voice  and  e-mail 


■  BY  PHIL  HOCHMUTH 

Avaya  last  week  launched 
Version  2.0  of  its  Modular 
Messaging  voice  mail  platform, 
with  unified  messaging  features 
and  support  for  more  users  on  a 
single  IP-based  server. 

The  new  messaging  software 
lets  end  users  with  Microsoft 
Outlook  or  Lotus  Notes  e-mail 
clients  access  Avaya  Modular 
Messaging  voice  mails  in  their  in¬ 
boxes.  The  platform  also  allows 
for  Web-based  voice  mail  access 
and  new  voice-activated  message 
retrieval  interface. 

Avaya  Modular  Messaging  2.0 
runs  on  a  Linux-based  Intel  server 
and  can  support  up  to  20,000 
voice  mail  boxes  per  system  — 
up  from  10,000  mailboxes  on  the 
previous  version.  This  lets  one 
Modular  Messaging  server  sup¬ 
port  voice  mail  for  clients  in  remote  offices  via  an 
IP  WAN  link,  and  end  users  inside  a  main  corporate 
office.  The  messaging  platform  works  with  either 
Avaya  IP  or  legacy  PBX  phone  switches. 

Modular  Messaging  includes  a  software  plug-in 
for  client  PCs,  which  lets  voice  mails  be  integrated 
with  Outlook  or  Lotus  Notes  clients. This  lets  voice 
mails  be  sent  to  an  end  user  as  an  e-mail  attach¬ 
ment.  This  differs  from  Avaya’s  Unified  Communi¬ 
cator,  which  keeps  voice  mail  and  e-mail  storage  on 
the  same  server,  and  integrates  voice  mail  and 
e-mail  into  scheduling  and  other  applications. 

“The  Outlook  plug-in  is  excellent,”  says  Beth 
Seymour, senior  project  manager  for  voice  network 


Avaya's  Modular  Messaging  2.0 
can  add  more  than  20,000  voice 
mail  boxes  to  an  Avaya  IP  PBX 
system. 


services  at  AmeriHealth  Mercy 
Health  Plan.  “It’s  great  having 
everything  in  one  interface”  for 
accessing  messages. 

The  Philadelphia  company 
plans  to  upgrade  its  legacy  Intuity 
Audix  voice  mail  system  with 
Modular  Messaging  2.0  over  the 
next  several  months  to  support 
1,100  employees.  Over  the  next 
several  years,  the  company  will 
extend  the  voice  mail  support  to 
other  sites  throughout  Pennsyl¬ 
vania,  supporting  several  thou¬ 
sand  more  users. 

AmeriHealth  will  deploy  two 
Windows-based  application  serv¬ 
ers  for  running  the  Modular 
Messaging  application,  and  a 
Linux-based  Avaya  server  for  mes¬ 
sage  storage. 

Seymour  says  the  system  offers 
back-end  administrative  pluses 
and  client-facing  improvements. 
“The  interface  is  all  point-and-click,  instead  of  com¬ 
mand  line,”  for  administering  voice  mail,  as  was  the 
case  on  the  Audix  system,  she  says.  Because  the 
servers  are  standard  Intel  boxes,  Seymour  antici¬ 
pates  that  upgrading  disks  for  storage  and  other 
hardware  will  be  less  expensive  than  it  was  with  the 
proprietary  Audix  hardware. 

Avaya  competes  with  traditional  telephony  ven¬ 
dors  such  as  Alcatel,  Nortel,  NEC  and  Siemens,  who 
also  offer  server-based  IP  voice  mail  messaging 
products.  Cisco  and  3Com  also  offer  corporate  voice 
mail  systems  for  their  respective  IP  PBX  systems. 

Avaya  Modular  Messaging  costs  between  $50  and 
$100  per  seat.® 


he  has  no  way  of  knowing  how 
many  attempts  were  successful 
but  that  he  did  find  one  unau¬ 
thorized  FTP  server  in  use.“The 
computing  environment  had 
been  neglected.  It  was  like  a  cir¬ 
cus,  or  a  zoo,  at  the  time.” 

That  made  securing  the  inter¬ 
nal  environment  one  of  the  first 
action  items  on  the  new  IT 
team’s  agenda, Talavera  says.The 
concern  was  more  about  the 
nuisance  of  the  hack  attempts 
than  the  threat  of  hackers  gain¬ 
ing  deep,  dark  secrets  about  the 
Shedd  inhabitants.“I  don’t  nec¬ 
essarily  believe  that  anybody 
was  trying  to  gain  access  to  our 
secured  files  and  get  informa¬ 
tion  on  the  animals.  I  think 
these  were  more  experimenta¬ 
tions  to  see  if  they  could  find  a 
way  in,”  he  explains. 

Hackers  haven’t  found  any 
leaks  lately  Almost  immediately 
upon  joining  the  Shedd, Talavera 
began  protecting  the  aquarium 
against  these  land  sharks  by 
building  a  layered  security 
defense.  NetScreen  Technologies 
firewalls  (now  from  Juniper) 
protect  the  perimeter,  while 
eTrust  anti-virus  software  from 
Computer  Associates  runs  on 
user  workstations.  At  the  center 
sits  the  eSafe  content  security 
tool  from  Aladdin  Knowledge 
Systems.  A  multifunction,  gate¬ 
way-based  product,  eSafe  pro¬ 
tects  against  viruses,  prevents 
exploits  of  known  security  holes 


Got  great  ideas 


■  Got  a  suggestion  for  a 
Wider  Net  story?  An  offbeat 
network  industry-related 
topic?  A  fascinating  person¬ 
ality  we  should  profile? 
Contact  Bob  Brown  with  your 
ideas  at  bbrown@nww.com. 


in  HTML  and  other  programs, 
and  blocks  spam.  Since  loading 
up  eSafe  three  years  ago, “any 
vandal  file  that  has  been 
attached  to  an  e-mail  has  been 
stopped,”  he  says. 

And  eSafe  doesn’t  just  protect 
the  fish,  it  also  helps  preserve 
the  upstanding  reputation  of 
this  venerable,  75-year-old  insti¬ 
tution, Talavera  adds.  With  eSafe, 
the  Shedd  can  make  sure  that  its 
large  contingent  of  volunteer 
staffers,  most  of  whom  share 
access  to  a  pool  of  350  or  so 
workstations,  aren’t  surfing  to 
unsavory  sites.“Based  on  our 
rules  and  URL  filtering,  we  can 
see  if  people  are  trying  to  ac¬ 
cess  sites  that  we  as  an  organi¬ 
zation  don’t  want  people  going 
to. This  lets  you  really  easily 
quantify  what  is  passing  from 
your  internal  network  to  the 
external  network,”  he  says. 

Talavera  also  has  tested  the 
eSafe  Application  Filter,  which 
blocks  unauthorized  application 
traffic,  such  as  MP3  files,  instant 
messages  and  spyware,  but  the 
aquarium  hasn’t  committed  to 
deploying  that  yet. 

Knowing  that  predators  aren’t 
going  to  take  down  the  Shedd’s 
servers  —  be  they  those  used 
for  the  interactive  presentations 
within  the  habitats  or  as  part  of 
the  animal  life-support  system 
—  makes  for  more  restful  days 
and  nights  for  Talavera. 

Still, Talavera  readily  acknowl¬ 
edges  that  technology  at  the 
Shedd  really  is  secondary  to  the 
people.  He  uses  life-support  oper¬ 
ations  as  an  example.  When 
Shedd  caregivers  who  aren’t  suit¬ 
ed  up  and  diving  in  for  up-close 
and  personal  encounters  with 
the  animals,  they  can  monitor 
environmental  variables  such  as 
tank  temperature,  ozone  level 
and  water  flow,  from  a  central¬ 
ized  server  sitting  on  a  virtual 
LAN  segmented  off  the  organiza¬ 
tion’s  Gigabit  Ethernet  backbone. 
The  data  they  view  is  collected 
from  30  or  so  Andover  Control 
probes  scattered  throughout  the 
aquarium. 

Should  the  controllers  be 
unable  to  communicate  data 
back  to  that  central  server,  alerts 
go  out  immediately,  and  manual 
testing  processes  kick  in, Tala¬ 
vera  says. “We  have  the  technol¬ 
ogy  that’s  true.  But  we  also  have 
individuals  who  are  out  there 
watching  over  the  animals  all 
the  time.  So  we  don’t  only  rely 
on  the  technology’® 
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IBM  frame  identity  mgmt  strategies 


CA, 

■  BY  ELLEN  MESSMER 


Two  of  the  biggest  vendors  in  identity 
management,  Computer  Associates  and 


■  Corrent  has  introduced  six  firewall/ 
VPN  appliances  that  support  Check 
Point  security  software  for  midsize  to 
large  businesses.  The  SR  product 
family,  announced  last  week,  supports 
Check  Point  VPN-1  PRO  software, 
which  includes  network  and  applica¬ 
tion  layer  firewall  protection,  or  Check 
Point  Express,  a  bundle  of  Check  Point 
security  software  that  includes  fire¬ 
wall  and  VPN.  The  Corrent  devices 
include  hardware-based  denial-of-ser- 
vice  protection.  Firewall  speeds  over 
the  six  products  range  from  400M  to 
more  than  4G  bit/sec,  and  VPN 
speeds  range  from  325M  to  2G 
bit/sec.  The  boxes  —  Models  SR  100, 
200,  300,  400,  520  and  620,  cost  from 
$3,700  to  $40,000. 

■  Mazu  Networks,  a  network  intru¬ 
sion-prevention  system  company, 
has  secured  another  round  of  ven¬ 
ture  capital,  including  a  stake  from 
security  software  giant  Symantec. 
Mazu  announced  that  it  was  receiv¬ 
ing  another  $12  million  in  Series  C 
funding  from  a  host  of  existing 
investors  and  that  Symantec  signed 
on  as  a  new  strategic  partner.  The 
deal  is  also  the  second  major  invest¬ 
ment  by  Symantec  in  intrusion- 
detection  and  -prevention  technology 
announced  in  the  last  week,  and 
shows  the  company  increasing  its 
interest  in  technology  that  can  spot 
and  prevent  infection  by  worms  and 
viruses  without  using  signatures  cre¬ 
ated  from  captured  samples  of  mali¬ 
cious  code.  The  latest  round  of  fund¬ 
ing  brings  the  total  investment  in 
Mazu  to  $35  million.  Existing  invest¬ 
ors,  including  Greylock,  Matrix  Part¬ 
ners,  Pilot  House  Ventures  and  Star- 
Vest  Partners,  put  up  the  majority  of 
the  new  capital,  although  Mazu 
declined  to  reveal  specific  numbers. 


IBM,  each  expect  to  make  substantial 
changes  in  the  coming  year  to  their  respec¬ 
tive  software  suites  for  access  control, 
secure  single  sign-on  and  provisioning. 

CA,  which  just  completed  its  acquisition 
of  competitor  Netegrity  last  week  outlined 
how  it  will  address  the  product  overlap  in 
CAs  eTrust  identity  management  suite  and 
Netegrity ’s  SiteMinder  Web  access  manage¬ 
ment  product  and  the  IdentityMinder  mod¬ 
ules  for  self-service  identity  administration 
and  provisioning.  CA  has  about  4,000  iden¬ 
tity  and  access  management  customers, 
while  Netegrity  has  about  800. 

CA  says  it  intends  to  support  CAs  eTrust 
Web  Access  Control  and  Netegrity’s  Site- 
Minder  for  the  short  term.  “There  are  cus¬ 
tomer  obligations  we  need  to  fulfill,”  says 
Vadim  Lander,  chief  identity  architect  at  CA 
and  formerly  CTO  at  Netegrity 

CA  is  scheduled  to  deliver  Version  8.0  of 
eTrust  Web  Access  Control  in  the  first 
quarter  of  next  year.  But  once  a  migration 


■  BY  PHIL  HOCHMUTH 

3Com’s  plan  to  acquire  TippingPoint 
Technologies  for  approximately  $430  mil¬ 
lion  in  stock  gives  the  company  more  secu¬ 
rity  clout  as  it  grows  its  menu  of  gear  tar¬ 
geted  at  large  business  networks. 

TippingPoint  also  gives  3Com,  which 
announced  the  deal  last  week,  an  answer 
to  competitors’  recently  unveiled  security 
products  and  partnerships  designed  to 
marry  network  infrastructure  to  intrusion 
prevention  and  security  The  TippingPoint 
buyout  gives  3Com  its  first  in-house  source 
of  security  gear.  3Com  previously  partnered 
with  security  switch  vendor  Crossbeam, 
selling  the  company’s  firewall,  intrusion- 
detection  system  and  content-filtering 
switches  under  SCom’s  brand.  3Com  also 
sells  enterprise  WAN  routers  with  firewall 
and  VPN  capabilities  under  its  Huawei 
Technologies-3Com  joint  venture. 

TippingPoint’s  UnityOne  products  are 
hardware  appliances  used  to  detect  mali¬ 
cious  traffic  at  the  network  edge  or  inside  a 
corporate  LAN.  The  boxes  are  placed 
between  routers  and  firewalls  on  the  edge, 
or  between  LAN  switches  inside  a  campus 
network.  Instead  of  inspecting  traffic 
streams  mirrored  off  of  network  devices, all 
live  production  traffic  passes  through  the 


tool  to  move  CAs  customers  from  the 
eTrust  software  becomes  available  and  a 
new  version  of  SiteMinder  is  developed 
that  blends  aspects  of  both  products,  CA 
will  phase  out  eTrust  Web  Access  Control. 
Lander  says  it  isn’t  possible  to  say  exactly 
when  this  might  occur. 

The  company  doesn’t  plan  changes  to  its 
eTrust  Single-Sign-On  product,  but  will  add 
a  single  sign-on  capability  to  SiteMinder  for 
both  Web  and  non-Web-based  applications 
in  the  future. 

CA  plans  to  continue  to  offer  Netegrity’s 
TransactionMinder,  which  is  a  Web  services 
security  product  that  controls  access  by 
requiring  authentication  across  XML-based 
business  services.  CA  plans  to  expand 
TransactionMinder  to  also  include  policy- 
based  attack  prevention  from  malicious 
code  and  offer  the  product  in  hardware- 
based  appliance  form. 

“Just  as  someone  can  go  and  hack  a  site 
by  doing  buffer  overflows  at  a  Web  site,  Web 


Growing  IDS/IPS  sales 

$135  million  in  intrusion- 
detection/protection  gear  was 
sold  in  the  third  quarter,  and 
$182  million  in  sales  is  expected 
by  the  third  quarter  of  2005. 

SOURCE:  INf  ONETICS  '  /•'  , 


boxes,  which  can  process  traffic  at  up  to  2G 
bit/sec,  the  company’s  Web  site  says. 

Hardware  in  the  appliances  inspects 
packets  at  Layers  2  through  7  and  can  iden¬ 
tify  and  filter  suspicious  packets,  recogniz¬ 
ing  attack  signatures  targeted  at  weakness¬ 
es  in  operating  system  software  on  servers 
and  network  equipment.  The  devices  also 
can  detect  unusual  traffic  patterns  Trojan- 
or  worm-infected  machines  on  a  network 
cause  and  shut  off  those  connections,  the 
company  says.TippingPoint  has  a  manage¬ 
ment  appliance  and  software  for  adminis¬ 
tering  polices  and  security  data  across 
thousands  of  UnityOne  appliances  inside 
an  organization. 

3Com  CEO  Bruce  Claflin  says  3Com  first 
will  sell  the  UnityOne  products  under  the 
3Com  brand,  and  then  integrate  the  tech- 


services  has  similar  issues,”  Lander  says.“ We 
want  to  have  an  appliance  that  acts  some¬ 
what  like  a  firewall  or  intrusion-prevention 
system  for  Web  services.” 

Netegrity’s  eTrust  Admin  competes 
directly  with  Netegrity’s  IdentityMinder 
eProvision  software,  and  for  the  short 
term,  CA  plans  to  support  and  continue 
developing  both  products  in  parallel, 
releasing  both  eTrust  Admin  8. 1  next  quar¬ 
ter  and  eProvision  6.0  in  the  second  quar¬ 
ter  as  scheduled. 

“The  area  [in  which]  we  have  the  most 
work  to  do  is  provisioning,”  Lander 
acknowledges.  The  challenge  is  to  build  a 
provisioning  product  that  can  adapt  to  the 
different  types  of  workflow  and  approvals 
process  each  corporation  might  use.  “No 
two  companies,  or  their  business  process¬ 
es,  are  alike,”  he  says. 

Over  the  long  term  —  the  exact  time- 
frame  might  be  spelled  out  in  more  detail 

See  Identity  management,  page  18 


nology  into  its  line  of  routers  and  switches, 
possibly  as  blades  in  3Com’s  7700  or  8800 
series  switches.  Claflin  says  3Com  also  will 
modify  TippingPoint  products  in  the  future 
for  an  intrusion-prevention  system  offering 
aimed  at  small  and  midsize  businesses, 
where  3Com  has  a  strong  presence. 

Claflin  also  sees  the  TippingPoint  prod¬ 
ucts  as  an  entree  for  3Com’s  routers  and 
switches  into  larger  corporate  networks. 

“For  most  CIOs,  security  is  top  of  mind,” 
Claflin  says.  TippingPoint  gives  3Com  “a 
security  capability  that  will  interest  any  CIO 
in  any  company  in  the  world.” 

3Com  will  pay  $47  per  share  for  out¬ 
standing  stock  of  TippingPoint,  which  is 
based  in  Austin,  Texas,  and  has  125 
employees.  TippingPoint  will  become  a 
division  of  3Com,  pending  completion  of 
the  deal,  which  is  expected  in  the  first 
quarter  of  2005.  TippingPoint  CEO  Kip 
McClanahan  will  act  as  president,  report¬ 
ing  to  Claflin. 

TippingPoint  competes  with  such  ven¬ 
dors  as  Cisco,  Network  Associates,  Internet 
Security  Systems,  TopLayer  Networks  and 
Vsecure,  among  others. 

“I  like  the  deal,”  says  Jon  Oltsik,  senior 
analyst  with  Enterprise  Strategy  Group.  “It 
gives  3Com  a  unique  offering  with  the  com¬ 
bination  of  Huawei  and  Crossbeam.”  ■ 


3Com  buys  TippingPoint  for  $430m 
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The  IBM  PC  father:  Remembering  Don  Estridge 


With  IBM’s  recent  announcement 
that  it  was  saying  sayonara  (or  the 
Chinese  equivalent)  to  its  PC  busi¬ 
ness,  it  seems  the  right  time,  finally,  to  fin¬ 
ish  writing  a  column  that  has  been  brew¬ 
ing  for  a  while  —  about  the  man  who 
brought  us  the  IBM  PC  to  begin  with  — 
Philip  “Don”  Estridge. 

While  many  of  us  remember  the 
“Steves”  —  Jobs  and  Wozniak  —  with 
their  original  Apples  as  the  pioneers  of 
personal  computing,  most  of  us  owe  our 
careers  to  the  ascent  of  that  device 
known  as  the  “IBM-compatible  Personal 
Computer.”  And  the  IBM  PC  owes  its  exis¬ 
tence  to  one  Don  Estridge. 

What  brought  this  to  mind?  Recently, 
we  at  The  Tolly  Group  completed  our 
relocation  to  Boca  Raton,  Fla.  Our  facil¬ 
ity  is  not  much  more  than  a  stone’s 
throw  from  what  used  to  be  IBM’s  Boca 
Raton  facility  —  where  the  PC  was  born 
in  the  early  1980s. 

And,  across  the  street  from  that  site,  now 


■  BY  PHIL  HOCHMUTH 

IQ  NetSolutions  this  week  is  scheduled 
to  add  features  to  its  IP  telephony  applica¬ 
tion  suite  that  let  users  tie  together  dis¬ 
parate  voice  and  messaging  systems  — 
such  as  legacy  PBXs,  IP  PBXs  and  unified 
messaging  servers  —  into  a  single  end- 
user  application  that  supports  conferenc¬ 
ing,  click-to-dial  and  other  features. 

VistaPoint  software  runs  on  a  Windows- 
based  server  and  connects  to  legacy  and 
IP  voice  systems  via  System  Interface 
Modules  (SIM), pieces  of  code  the  vendor 
has  written  to  access  features  on  other  sys¬ 
tems.  For  instance,  VistaPoint  software 
could  tie  together  an  IP-enabled  Nortel 
PBX,  3Com  and  Cisco  IP  PBXs  and  a 
Microsoft  Exchange  e-mail  server  to  cre¬ 
ate  a  unified  messaging  architecture,  pres¬ 
ence  capabilities  and  conferencing  sup¬ 
ported  across  all  platforms.  (Alcatel, 
Avaya,  Mitel  and  Siemens  TDM/IP  gear 
also  is  supported.) 

The  new  software  includes  SIM  software 
for  tying  a  Microsoft  Live  Communication 
Server  (LCS)  into  VistaPoint.  Through  a 
client  interface,  users  can  get  presence 
information  about  others  who  are  attached 
to  a  Session  Initiation  Protocol  (SlP)-based 
Microsoft  LCS  —  instant  messaging  or 
videoconferencing  end  users  with 


called  T-Rex  (IBM  is  long  since  gone),  is 
Don  Estridge  High-Tech  Middle  School.  I 
pass  this  site  every  day  as  I  take  my  kids 
to  school,  and  being  a  high-tech  old- 
timer,  I  remembered  the  name. 

Although  I  never  met  him,  I  remem¬ 
bered  vaguely  that  he  was  an  IBM  vice 
president  and  that  he  was  “associated” 
with  the  early  days  of  the  PC  and,  sadly, 
that  he  was  killed  in  a  plane  crash 
in  Dallas  in  1985.  A  little  informal 
research,  though,  left  me  in  awe  of  what 
that  man  did. 

He  led  the  “skunk  works”  that  gave  us 
the  IBM  PC  —  a  team  of  14  people.  No, 
that  is  not  a  typo.  Fourteen.  And,  of 
course,  because  they  were  building 
from  scratch,  they  started  out  with  a  rev¬ 
enue  base  of  zero. 

By  the  time  he  gave  up  the  reins  of  the 
PC  Division,  known  then  as  the  Entry 
Level  Systems  division  shortly  before  he 
died  in  1985,  the  division  had  10,000 
employees  and  revenue  of  $4.5  billion. 

Before  the  PC,  the  best-selling  (albeit 
more  expensive)  IBM  computer  is  said  to 
have  sold  25,000  units.  Estridge’s  team 
estimated  250,000  units  over  three  years. 
They  were  wrong.  By  1985  almost  1  mil¬ 
lion  units  were  sold. 

And  he  and  his  team  did  all  this  inside 


Microsoft  Messenger.  SIP  support  also  can 
tie  in  other  SIP-based  platforms,  such  as 
Alcatel’s  OmniPCX  or  Siemens’  OpenScape 
IP  PBX  and  messaging  platforms. 

Another  new  feature  of  the  VistaPoint 
software  is  the  ability  to  tie  cell  phones 
into  a  presence/conferencing  system. 
Cell  phones  are  connected  to  VistaPoint 
by  loading  the  phones  with  a  special 
midlet  —  a  tiny  cell  phone  application 
(ring  tones  and  games  are  common 
examples). 

The  VistaPoint  midlet  lets  the  software 
connect  and  transfer  cell  phone  users  in 
VistaPoint  conferences,  and  include  cell 
phone  users  in  presence  applications.  IQ 
NetSolutions  says  the  midlets  will  work  on 
most  cell  phones  and  can  be  down¬ 
loaded  to  phones  via  USB  ports,  recharg¬ 
ing  cradles  or  via  wireless  Bluetooth. 

IQ  NetSolutions’ software  competes  with 
most  business  IP  telephony  vendors’  uni¬ 
fied  messaging  products  for  their  respec¬ 
tive  systems;  among  them  are  3Com’s 
Convergence  Application  Suite,  Avaya’s 
Unified  Communicator,  Cisco’s  Unity  plat¬ 
form,  Nortel’s  CallPilot  and  Siemens’ 
OpenScape  product. 

The  new  VistaPoint  package  costs  $50 
per  end-user  license.  The  server  also  costs 
$5,000,  and  administration  software  costs 
$600.  ■ 


IBM.  1  have  the  greatest  respect  for  IBM, 
but  anyone  who  worked  for  or  with  IBM 
in  that  era  (I  was  a  customer  at  that 
time)  will  appreciate  how  difficult  his 
task  was. 

Where,  heretofore,  every  IBM  computer 
was  built  with  IBM  parts,  Estridge  chose 
off-the-shelf  components  to  keep  down 
costs.  We  couldn’t  imagine  PCs  today  that 
had  nothing  but  proprietary  hardware 
components. 

Most  importantly,  he  made  the  decision 
to  make  the  PC  “open” —  to  provide  suffi¬ 
cient  information  about  its  specifications 
to  let  other  manufacturers  build  on  what 
IBM  had  done  —  which,  of  course,  result¬ 
ed  in  the  ubiquity  that  Apple,  for  all  of  its 
quality  and  innovation,  has  never  had. 

And,  while  IBM  was  the  largest  software 
company  in  the  world,  he  opted  there, 
too,  for  open, “third-party”  software. 


Identity  management 

continued  from  page  17 

at  the  RSA  Security  Conference  in  February 
—  CAs  strategy  entails  delivering  a  new 
product  for  provisioning  that  would  include 
features  such  as  discovery  asset  manage¬ 
ment,  federated  provisioning  and  compli¬ 
ance  management.  At  that  point,  CA  would 
offer  a  migration  path  to  eTrust  Admin  and 
IdentityMinder  eProvision  customers. 

For  its  part,  IBM,  which  markets  the 
Tivoli  identity  management  suite,  which 
includes  Tivoli  Access  Manager  for  sin¬ 
gle  sign-on  and  Identity  Manager  for 
central  coordination  of  user  accounts, 
also  plans  some  strategic  changes  in  the 
coming  year. 

IBM  foresees  working  more  closely  with 
Cisco  on  several  fronts. The  first  undertak¬ 
ing  in  the  partnership  is  to  ensure  that 
Cisco  VPN  and  VoIP  usage  becomes 
another  service  that  can  be  provisioned 
and  de-provisioned  via  the  Tivoli  Identity 
Manager  server. 

“We’ve  synchronized  the  user  IDs  in 
Cisco  Secure  Access  Control  Server  with 
the  users  in  Identity  Manager,”  says  Jeff 
Currie,  chief  strategist  for  identity  man¬ 
agement  at  IBM.  “This  enables  IBM  cus¬ 
tomers  of  Identity  Manager  to  centrally 
turn  these  users  on  and  off  the  network” 
through  the  Tivoli  provisioning  and  de¬ 
provisioning  process  working  with  ACS. 

IBM  last  month  undertook  this  kind  of 
integration  with  other  vendors’  products, 
including  Siebel  Systems  password  man¬ 
agement  and  several  biometrics  devices, 
smart  cards  and  badge  readers,  such  as 
those  from  VeriSign,  ActivCard  and 
Bioscript. 

IBM’s  effort,  and  many  others  like  it 
from  companies  such  as  HP  Sun  and 
Microsoft,  seek  to  let  users  authenticate 
once  to  a  local  network  and  be  able  to 
pass  that  authentication  on  to  partners 
for  access  to  services  or  data.  This  idea 
is  vital  to  the  creation  of  federated  iden¬ 
tity.  But  the  road  to  the  goal  of  federated 


In  a  1982  interview  with  PC  Magazine 
(www.nwfusion.com,  DocFinder:  5127), 
he  is  quoted  as  saying: 

“We  didn’t  think  we  could  introduce  a 
product  that  could  out-BASIC  Microsoft’s 
BASIC.  We  could  have  to  out-BASIC 
Microsoft  and  out-VisiCalc  VisiCorp  and 
out-Peachtree  Peachtree  —  and  you  just 
can’t  do  that.” 

And,  according  to  one  biography,  in 
1983  he  turned  down  a  multimillion- 
dollar  offer  from  Apple  to  become  its 
president. 

So  as  IBM  goes  full  circle  and  exits  the 
PC  business,  let’s  not  forget  the  man  that 
got  the  company  there  in  the  first  place. 

Tolly  is  president  of  The  Tolly  Group,  a 
strategic  consulting  and  independent  test¬ 
ing  company  in  Boca  Raton,  Fla.  He  can  be 
reached  at  ktolly@tolly.com. 
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Know  your  identity 

A  survey  of  26  organizations 
attending  a  Burton  Group 
conference  last  month  showed 
more  than  half  had  identity  projects 
in  production  or  pilot  mode. 

When  did  or  will  your  organization 
start  using  federated  identity? 
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identity  can  be  a  long  one. 

United  Parcel  Service  (UPS),  for  exam¬ 
ple,  has  worked  for  two  years  to  ensure  its 
150,000  employees  could  gain  remote 
access  to  human  resources  applications 
through  IBM’s  WebSphere  portal.  The 
authentication  method,  says  Jim  Flynn, 
systems  manager  for  security  and  strategy 
at  UPS,  is  the  SecurlD  dynamic-password 
token  from  RSA. 

Flynn  says  UPS  is  looking  at  using  IBM’s 
Tivoli  suite  for  central  provisioning  of  all 
applications. 

“We  think  this  will  improve  audits  for 
compliance  reasons  and  make  [the  provi¬ 
sioning  process]  automatic,”  Flynn  says. 
Ultimately,  UPS  also  wants  to  engage  with 
trading  partners  and  customers  for  feder¬ 
ated  identity.  Flynn  says  he  knows  there  is 
a  lot  of  work  ahead  for  that.  ■ 


IQ  NetSolutions  software 
unites  telephony  apps 
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PCI-Express  on  the 


server  fast  track 


Bus  route 

PCI  buses  have  been  evolving  for  more  than  a  decade,  with  the  new 
PCI-Express  serial  bus  designed  to  support  high-speed  interconnects 
and  faster  processing  servers. 

1992 

Intel  introduces  PCI  (peripheral  component  interconnect),  which 
supports  a  clock  speed  of  33  MHz  with  peak  bandwidth  of  266M 
byte/sec  at  64  bits. 

PCI-Sig,  an  industry  group  including  Intel,  IBM,  Compaq,  Dell 
and  Microsoft,  is  formed  to  oversee  development  of  PCI. 

1995 

PCI  2.1  is  introduced,  bringing  clock  speed  up  to  66  MHz  with 
peak  bandwidth  of  533M  byte/sec  at  64  bits. 

1998 

PCI  2.2  is  released  with  throughput  of  up  to  533M  byte/sec. 

1999 

PCI-X  1.0  is  introduced,  supporting  frequencies  up  to  133  MHz 
and  total  data  throughput  of  more  than  1G  byte/sec. 

2001 

Compaq,  Dell,  IBM,  Intel  and  Microsoft  announce  a  joint  effort 
to  create  a  3G  I/O  interconnect  architecture  code-named 
“Arapahoe”  and  aimed  at  meeting  the  bandwidth  demands  of 
new,  more  powerful  applications. 

February  2002 

PCI-X  2.0  is  introduced,  bringing  PCI  throughput  capabilities  to 
more  than  4G  byte/sec. 

April  2002 

PCI-Express,  formerly  3GIO  (3G  I/O),  is  introduced.  It  uses  a 
serial  architecture  that  backers  say  will  overcome  bandwidth 
and  scalability  limits  inherent  in  the  parallel  PCI  bus.  Runs  at 

2.5  GHz  with  throughput  of  2G  byte/sec  each  way.  Can  support 
up  to  16  dual-lane  links. 

September  2003 

Dell  and  Intel  co-found  the  PCI-Express  IT  Network  to  provide 
industry  support  for  the  new  bus  architecture. 

July  2004 

Intel  releases  Lindenhurst,  its  first  chipset  that  supports 
PCI-Express. 

Fall  2004 

Systems  vendors  such  as  HP  and  Dell  begin  shipping  servers 
with  PCI-Express. 

■  BY  JENNIFER  MEARS 

As  high-speed  interconnects  and  virtual¬ 
ization  software  make  their  way  into  enter¬ 
prise  data  centers,  IT  managers  need  to 
take  a  close  look  at  how  their  servers  are 
keeping  pace. 

Experts  say  that  in  many  cases  corporate 
users  will  find  that  servers  are  not  taking 
full  advantage  of  new  technologies  be¬ 
cause  of  limitations  in  the  system  PCI  and 
PCI-X  bus,  the  I/O  slot  where  servers  hook 
into  peripherals  such  as  network  and  stor¬ 
age  devices.  The  parallel  architecture  of 
today’s  PCI  technology  limits  the  band¬ 
width  and  throughput  available  to  move 
data  in  and  out  of  servers. 

Intel,  Dell,  HP  IBM,  Microsoft  and  others 
have  been  working  on  a  serial  I/O  technol¬ 
ogy  called  PCI-Express  that  is  designed  to 
keep  up  with  advances  in  interconnect 
bandwidth  and  speed.  By  enabling  data  to 
move  more  quickly  in  and  out  of  servers, 
users  also  will  be  able  to  make  better  use 
of  new  architectures  such  as  multi-core 
chips,  in  which  more  than  one  core  resides 
on  a  single  die;  and  virtualization,  in  which 
multiple  virtual  servers  reside  and  run  on  a 
single  physical  machine.  The  new  server 
designs  will  have  more  processing  power, 
and  there  needs  to  be  a  gateway  that  can 
handle  larger  volumes  of  data  that  moves 
more  quickly 

“We’re  at  the  point  where  we  can’t  take 
advantage  of  things  like  faster  processors  or 


■  The  creators  of  the  Globus  open 
source  grid  software  have  launched 
a  software  and  services  company 
called  Univa  with  the  hopes  of  capi¬ 
talizing  on  their  work  in  grid  comput¬ 
ing.  The  open  source  Globus  grid 
software  already  serves  as  one  of 
the  primary  building  blocks  for  a 
number  of  commercial  grid  prod¬ 
ucts,  as  well  as  for  academic  super- 
computing  projects.  The  first  prod¬ 
ucts  offered  by  Univa  are  expected 
to  hit  the  market  next  year  and  will 
be  enhanced  versions  of  the  Globus 
software  for  enterprise  customers 
based  on  Globus  Toolkit  Release  4. 


faster  graphics  cards,  or  keep  up  with  some 
of  the  [storage-area  networks]  and  [net- 
work-attached  storage]  capabilities,”  says 
Vernon  Turner,  group  vice  president  and 
general  manager  of  enterprise  computing 
at  IDC.  “For  example,  right  now  you  could 
have  iSCSI  drives  using  10G  Ethernet  and  if 
you’re  using  PCI-X,  you’re  the  bottleneck. . . . 
With  PCI-Express,  you  finally  have  some¬ 
thing  that  gets  you  to  the  speed  of  the  I/O 
devices  outside  the  box  being  fed  by  some¬ 
thing  that’s  fast  enough  inside  the  box.” 

Systems  vendors  including  Dell,  HP  and 
IBM  began  shipping  servers  with  PCI- 
Express  slots  this  fall.  Analysts  say  there  are 
no  real  competitors  to  the  PCI-Express 
technology  because  efforts  to  enhance  the 
parallel  PCI  standard  have  been  discarded. 

“It’s  hard  to  imagine  a  vendor  not  on  the 
PCI-Express  bandwagon,”  says  Gordon 
Haff,  an  analyst  at  Illuminata.  “The  only 
question  is  how  quickly  you  need  to 
make  the  transition.” 

Dell,  which  co-founded  the  PCI-Express 
IT  Network  with  Intel  last  year,  is  a  leading 
supporter.  Dell  executives  say  PCI-Express 
will  help  make  their  vision  of  a  “scale-out” 
data  center  a  reality  Already  users  are  clus¬ 
tering  standards-based  x86  servers  to  run 
applications  that  previously  relied  on  big 
symmetric  multiprocessing  systems. 

“The  next  wave  is  how  are  you  looking  at 
SAP  Oracle,  SQL  Server  —  those  kinds  of 
applications.  Today  those  are  done  typic¬ 
ally  on  four-way  eight-way  and  16-way  sys¬ 
tems,”  says  Jose  Tormo,  director  of  business 
planning  at  Dell.  “What  we’re  finding  with 
architectures  like  PCI-Express  is  we’re 
enabling  clusters  of  two-ways  and  four- 
ways  to  go  displace  bigger  systems.” 

The  new  I/O  architecture  of  PCI-Express 
uses  serial  links  similar  to  those  in  Gigabit 
Ethernet  and  Fibre  Channel  to  move  data 
in  and  out  of  servers. 

The  original  PCI  standard  uses  a  parallel 
shared-bus  architecture  in  which  chunks  of 
data  move  side  by  side.  The  trouble  is  that 
signals  have  to  be  coordinated,  and  as  you 
increase  bandwidth  by  adding  more  signal 
paths  and  increase  speed  by  upping  signal 
frequency  it  becomes  increasingly  difficult 
—  and  expensive  —  to  keep  those  signals 
tightly  coordinated.  With  traditional  PCI 
and  PCI-X,  each  I/O  device  must  share  the 
single  bus. 

But  PCI-Express  gives  each  device  its  own 
bus,  called  a  link.  Each  link  is  made  up  of 
two  lanes,  one  for  receiving  and  one  for 
transmitting  data, and  each  operating  at  2.5 
GHz.  PCI-Express  can  increase  throughput 


by  adding  links  and  today  PCI-Express  is 
available  in  one-,  four-,  eight-  and  16-link 
configurations,  says  Jim  Pappas,  director  of 
enterprise  initiatives  at  Intel. 

That  gives  servers  throughput  capabilities 
of  up  to  80G  bit/sec  with  a  16-link  PCI- 
Express  slot.  By  contrast,  PCI-X  in  its  fastest 
configuration  moves  32G  bit/sec. 

Being  able  to  move  data  quickly  and  eco¬ 
nomically  is  important  as  faster  intercon¬ 
nects  such  as  InfiniBand  and  10G  Ethernet 
become  more  widespread,  and  as  servers 
become  more  powerful  with  multi-core 
chips  and  virtualization  capabilities. 

Formerly  3GIO  (third  generation  I/O),  the 
technology  was  renamed  PCI-Express 
when  it  was  introduced  in  2002.  Intel 
released  its  first  server  chipset  supporting 
PCI-Express  in  July  which  let  systems  ven¬ 
dors  ship  boxes  with  PCI-Express  slots  dur¬ 
ing  the  last  few  months. 


Dell,  for  example,  includes  a  PCI-Express 
slot  on  several  servers,  including  its  new 
PowerEdge  1855  blade  server.  IBM  includes 
PCI-Express  slots  on  all  new  dual-processor 
Xeon  boxes.  And  HP  has  added  PCI- 
Express  support  to  its  Xeon  servers. 

Boxes  with  PCI-Express  slots  also  support 
PCI  and  PCI-X  to  ensure  that  users  don’t 
have  to  throw  out  legacy  cards.  PCI-Express 
also  is  backward-compatible  with  most 
software,  meaning  that  drivers  do  not  have 
to  be  rewritten. 

PCI-Express  initially  has  made  inroads  in 
industries  where  users  need  more  I/O 
power  for  graphics  design,  video  and  gam¬ 
ing  applications.  Analysts  say  the  technol¬ 
ogy  will  start  to  take  root  in  the  enterprise 
data  center  over  the  next  year  or  so  to 
improve  server  I/O  performance  for  stor¬ 
age  and  clustering  where  low  latency  and 
high-speed  connections  are  important.  H 
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reater  bandwidth, 
continuous  innovation, 


plus  compelling  cost  efficiency  make 
Ethernet  the  technology  of  choice  for 
enterprise  and  service  providers  alike. 
Foundry’s  Metro  Ring  Protocol 
(MRP)  takes  Ethernet  to  a  whole 
new  level  enabling  the  creation  of 
highly  scalable,  resilient,  fast 
converging  Ethernet  rings. 

Relying  on  an  intuitive  Ring  Hello 
mechanism.  Foundry’s  patented  MRP 
is  unique  in  its  ability  to  eliminate 
loops  in  ring  based  networks,  offering 
unprecedented  flexibility  in  ring 
interconnection,  and  offering  rapid 
sub-second  convergence  in  case  of 
link  or  device  failure.  The  Virtual 
Switch  Redundancy  Protocol  (VRSP) 
complements  MRP  by  providing 
redundant  interconnection  to  the 
backbone  and  default  gateway 
redundancy  for  edge/distribution 
layer  devices. 


FOUNDRY 

NETWORKS 

The  Power  of  Performance ™ 


^ One  of  the  key  problems  in 
naming  Layer  2  Metropolitan 
Area  Networks  is  the  need  for 
rapid  reconfiguration  if  outages 
occur.  Foundry's  MRP  offers  the 
simplicity  of  Ethernet  combined 
with  SONET-like  rapid  failover, 
and  allows  service  provider  to 
take  advantage  of  the  low  cost 
and  simplicity  of  Layer  2 
Ethernet  networks  while  solving 
redundancy  and  scalability  issues 

Kent  MacDonald, 
Director  of  Telecom  Operations, 
Toronto  Hydro  Telecom 


^ We  chose  Foundry’s  Metro 
solution  because  it  meets  our 
strict  performance  and  reliability 
demands  perfectly  while  assuring 
us  of  the  capacity  and  scalability 
we  require  to  meet  our  future 
needs.  Foundry’s  Metro  Ring 
Protocol  allows  GlobalConnect 
to  guarantee  optical  network 

convergence  and  sub-second 

■  »» 
service  restoration  times. 

Niels  Zibrandtsen,  CEO, 
GlobalConnect 


MRP  Advantages 

•  EFFICIENT  SIMPLE  CONTROL  OF  ETHERNET  RINGS 

•  RAPID  CONVERGENCE  FOR  HIGH  AVAILABILITY 

•  COST  EFFICIENT 

•  Efficient  ring  bandwidth  Utilization 

•  superior  Scalability,  stability,  and  Redundancy 


Example  Metro  Area  Network  (MAN)  Deployment  Scenario 


Example  Enterprise  Deployment  Scenario 


Example  MRP  and  VSRP  deployment  scenarios  in  both  enterprise  and 
MAN  to  build  high-performance,  high-availability,  and  scalable  networks. 


Foundry  Networks,  Inc.  is  a  leading  provider  of  high-performance  enterprise  and  Service  Provider  switching,  routing 
and  Web  traffic  management  solutions  including  Layer  2/3  LAN  switches,  Layer  3  Backbone  switches,  Layer  4-7  Web 
switches,  wireless  LAN  and  access  points,  access  routers  and  Metro  routers. 

FOR  MORE  INFORMATION  PLEASE  CALL:  US/CANADA  1  BBS  TURBOLAN, 

INTERNATIONAL  +1  408.536.  1  700  OR  VISIT  OUR  WEBSITE  AT  WWW.FOUNDRYNET.COM/MRP 
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Retailers  ease  search,  checkout  procedures 


■  BY  ANN  BEDNARZ 

A  wine  connoisseur  has  something  spe¬ 
cific  in  mind  when  searching  for  a  “dead 
arm”  vintage.  But  can  a  Web  site’s  search 
engine  understand  the  subtlety  of  that 
query? 

Not  all  of  them,  says  Francis  Juliano, 
CIO  at  Wine.com.  The  San  Francisco  re¬ 
tailer  tried  a  few  search  engines  before  it 
selected  Endeca’s  InFront  search,  naviga¬ 
tion  and  merchandising  software. 

“Dead  arm”  refers  to  a  condition  when 
one  half  of  a  T-shaped  grape  vine  is  lost  to 
disease,  and  all  of  the  nutrients  destined  for 
the  lost  arm  are  routed  to  the  remaining 
healthy  arm,  resulting  in  a  particularly  rare 
and  flavorful  wine,  Juliano  explains. 

“It’s  not  hard  to  find  what  you’re  looking 
for  if  you  want  a  ’96  Dom  Perignon,  but  if 
you’re  looking  for  a  d’Arenberg  Dead  Arm 


■  New  software  from  Skybox  Sec¬ 
urity  will  help  companies  monitor 
their  networks,  comply  with  federal 
and  state  data  security  regulations, 
and  prepare  for  new  Internet  worms, 
the  company  says.  Skybox  View  2.0  is 
the  latest  edition  of  the  company's 
security  risk  management  software. 
The  product  lets  companies  continu¬ 
ously  monitor  systems  on  their  net¬ 
works  to  spot  risks  that  might  jeop¬ 
ardize  compliance  with  federal  regu¬ 
lations,  such  as  the  Sarbanes-Oxley 
Act  of  2002  and  the  Gramm-Leach- 
Bliley  Act  of  1999.  Skybox  View  2.0 
costs  $50,000. 

■  Vintela  last  week  released  Vintela 
Management  Extension  1.1,  which 
plugs  into  Microsoft's  System  Man¬ 
agement  Server  2003  and  extends 
the  software's  management  and 
administrative  features  to  Unix, 
Linux  and  Mac  OS  X  systems.  The 
software  costs  $2,000,  which  in¬ 
cludes  one  server  license  and  10 
workstation  licenses.  Each  additional 
non-Windows  server  managed  via 
SMS  is  $125.  Each  non-Windows 
workstation  is  $75. 


Shiraz,  that’s  a  different  stoiyf  Juliano  says. 

With  the  holiday  shopping  season  in  full 
swing,  online  retailers  can’t  afford  to  turn 
away  shoppers  with  poorly  organized 
Web  stores,  weak  search  tools  and  other 
common  Web  site  pitfalls.  There’s  too 
much  at  stake:  Industry  watchers  estimate 
online  shopping  tallies  this  year  will  ex¬ 
ceed  $20  billion,  up  20%  over  last  year’s 
holiday  season. 

To  prepare  for  the  onslaught,  retailers 
have  spent  the  last  several  months  improv¬ 
ing  their  sites.  One  area  that’s  gotten  a  lot  of 
attention  is  search. 

“We  do  a  dominant  portion  of  our  busi¬ 
ness  in  the  fourth  quarter. The  last  thing  we 
want  is  for  people  to  do  a  search  on  our 
site  and  leave  because  they  can’t  find  what 
they’re  looking  for”  Juliano  says.  It’s  even 
worse  ifWine.com  has  the  product  a  shop¬ 
per  wants  but  the  search  engine  couldn’t 
interpret  the  query  he  says. 

With  its  old  search  tools, Wine.com  would 
have  spent  “several  man  weeks”  program¬ 
ming  the  software  to  understand  a  query 
like  “dead  arm,”  Juliano  says.  With  Endeca, 
it  didn’t  have  to  do  any  custom  coding  for 
the  software  to  process  the  query 

Analysts  agree,  strong  search  capabilities 
are  key  to  a  Web  site’s  performance.  More 
online  buyers  today  rely  on  site  searches 
than  in  the  past.  For  example,  9.3%  of  all 
sales  in  the  third  quarter  of  this  year  came 


Anatomy  of  an  online  shopper 

Make  it  quick  and  easy  to  find  and  buy  products  if  you  want  to  attract 
today’s  online  shoppers.  Doubleclick’s  latest  “E-Commerce  Site  Trend 
Report”  dissects  online  buyers’  shopping  habits. 


Impatient: 


Have  money  to 
spend: 

r  4.6% 


4.6%  of  visitors 
made  a  purchase  in 
the  last  quarter, 
compared  with 
2.8%  a  year  earlier. 
The  average  order 
value  was  $139. 


Look  for  search 
assistance: 


9.3%  of  all  sales 
came  through  the 
search  function 
on  shopping  sites, 
compared  with 
6.6%  a  year 
earlier. 


Visitors  spent 
10%  less  time  on 


each  session  — 
4.4  minutes, 
compared  with 
4.9  minutes  a 
year  earlier. 


r57% 


57%  of  people 
who  initially  add 
something  to  their 
shopping  carts 
abandon  the  carts 
without  making  a 
purchase. 


through  the  search  function  on  shopping 
sites,  compared  with  6.6%  a  year  earlier, 
Doubleclick  reported  in  its  most  recent 
“E-Commerce  Site  Trend  Report.” 

While  it’s  not  always  easy  to  quantify  the 
effects  of  a  Web  site  enhancement,  when 
Urban  Outfitters  overhauled  its  site  search 
capabilities,  the  results  were  impossible  to 
ignore.  The  average  order  value  among 


people  using  its  new  search  tools  is  up 
13%,  says  David  Hayne,  development  man¬ 
ager  at  Urban  Outfitters  in  Philadelphia. 

For  its  site  search  overhaul,  Urban  Out¬ 
fitters  chose  a  hosted  offering  from  Atomz. 
Urban  Outfitters  doesn’t  have  a  large  tech¬ 
nical  staff,  so  using  an  application  service 
provider  is  a  good  fit,  Hayne  says. 

See  Search,  page  22 


Presence  application  tool  kit  on 


■  BY  JOHN  FONTANA 

Instant-messaging  gateway  and  security 
vendor  Akonix  next  month  is  set  to  release 
tools  to  help  corporate  customers  integrate 
presence  information  into  their  enterprise 
applications. 

With  L7  Builder,  Akonix  will  provide  a 
set  of  APIs  that  developers  can  use  to 
build  applications  that  use  presence  in¬ 
formation  for  communication  or  routing 
purposes,  and  a  server  for  deploying 
those  applications.  L7  Builder  also  will  let 
users  retrofit  existing  applications,  such 
as  CRM  and  ERR  with  presence  informa¬ 
tion  for  use  in  enhancing  communica¬ 
tion  or  accessing  data  via  1M. 

Akonix  rival  IMlogic  released  a  similar  set 
of  tools  earlier  this  year  called  IM  Linkage, 
which  lets  developers  and  independent 
software  vendors  (1SV)  incorporate  pres¬ 


ence  into  Java  2  Platform  Enterprise  Edi¬ 
tion,  .Net  and  Web  services  applications. 

L7  Builder  provides  the  same  capabili¬ 
ties  and  works  with  the  major  public  IM 
services  —  AOL, Yahoo  and  MSN  —  with 
servers  based  on  the  standard  Extensible 
Messaging  and  Presence  Protocol  and 
with  corporate  offerings  from  Microsoft 
and  IBM/Lotus.  IM  Linkage  also  works 
with  those  services. 

“These  vendors  are  servicing  two  mar¬ 
kets,  one  is  the  bleeding-edge  companies 
that  recognize  that  presence  does  have 
value,”  says  Melanie  Turek,  an  analyst  with 
Nemertes  Research. “These  are  companies 
that  are  saying  ‘let’s  embed  this  in  other  crit¬ 
ical  business  applications  that  we  use.’“ 

L7  Builder  includes  a  set  of  APIs  and  sam¬ 
ple  applications  in  L7  Builder  to  support 
the  use  of  presence  data  in  workflow  appli¬ 
cations  and  directory  services,  in  “bots”  that 


use  IM  for  data  queries,  in  alert  and  notifi¬ 
cation  services  that  distribute  information 
in  real  time,  and  for  routing  and  transfer 
functions  in  applications  such  as  help  desk 
and  customer  service. 

Akonix  also  has  incorporated  natural  lan¬ 
guage  technology  acquired  in  its  purchase 
of  vendor  Natural  Messaging  earlier  this 
year.  The  technology  lets  users  build  in  a 
“listening”  component  to  presence- 
enabled  applications  that  retrieves  data 
based  on  words  and  phrases,  such  as  prod¬ 
uct  names,  used  within  an  IM  exchange. 

“We  are  not  creating  an  IM  infrastructure, 
we  are  just  providing  the  tools  that  let  com¬ 
panies  more  fully  use  their  infrastructure,” 
says  Francis  Costello,  the  chief  marketing 
officer  for  Akonix. 

L7  Builder  is  in  beta  testing  and  is  ex¬ 
pected  to  ship  in  January.  Pricing  has  not 
been  announced.  ■ 
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A  year  ago  I  wrote  about  non-consumer- 
friendly  Web  sites  and  the  state  of 
e-commerce  in  the  U.S.This  seems 
like  a  reasonable  time  for  an  update. 

The  press  estimates  I  used  in  last  years 
column  (www.nwfusion.com,  DocFinder: 
5224)  turned  out  to  be  a  bit  optimistic.  Ac¬ 
cording  to  the  U.S.  Department  of  Com¬ 
merce  statistics  (DocFinder:  5225),  the 
growth  in  fourth-quarter  sales  from  2002  to 
2003  was  about  25%,  which  is  on  the  low 
end  of  the  26%  to  42%  estimates.The  value 
of  those  sales  was  about  $15  billion,  a  bit 
lower  than  the  $17  billion  estimate.  One 
number  1  used  doesn’t  seem  to  make  much 
sense,  and  I  have  no  idea  where  I  found  it. 
1  said  last  year  that  there  were  estimates  in 


A  year  later  and  still  grumpy 


the  press  that  online  sales  could  amount  to 
as  much  as  7.7%  of  total  sales.  Maybe  the 
number  referred  to  online  holiday  sales, 
but  it  is  clearly  not  correct  if  it  meant 
annual  sales.  The  Commerce  Department 
statistics  show  that  the  total  amount  of 
e-commerce  is  about  1.9%,  up  from  1.7% 
of  total  commerce,  but  nowhere  near 
7.7%.  E-commerce  is  showing  a  good  year- 
to-year  growth  at  more  than  20%,  but  it  still 
has  a  long  way  to  go  before  it  becomes  a 
significant  part  of  the  U.S.  economy  Maybe 
that  is  why  the  Streamlined  Sales  and  Use 
Tax  Act  that  I  referred  to  last  year  seems  to 
have  gone  nowhere  (DocFinder:  5226). 

After  my  complaint  in  last  year’s  column 
about  shopping  sites  that  will  not  let  you 
just  buy  something  but  rather  insist  that 
you  set  up  some  sort  of  account  before 
they  will  let  you  spend  your  money  I  got 
e-mail  from  a  number  of  people  who  de¬ 
fended  the  practice.  The  writers,  from  such 
sites  I  assume,  said  that  the  rules  are  there 
to  provide  better  customer  service.  I  don’t 


accept  that.  I  see  nothing  customer-service- 
oriented  in  forcing  people  who  might  only 
buy  one  thing  from  your  site  in  10  years  to 
set  up  an  account  that  they  will  forget  the 
password  for  (or  use  the  same  password 
that  they  use  for  their  office  computers  — 
a  real  bad  but  too  common  practice).  How 
is  it  customer-service-oriented  to  make  me 
go  through  a  time-consuming  process  to 
recover  the  password  I  used  two  or  more 
years  ago  just  so  1  can  order  something 
new?  I’m  all  for  a  site  offering  such  ac¬ 
counts,  but  to  insist  on  it  will  reduce  the 
number  of  customers  that  site  gets. 

That  reminds  me  of  a  particularly  annoy¬ 
ing, and  stupid, process  that  too  many  phys¬ 
ical  stores  have  now  adopted. The  cashier 
wants  to  know  your  name  when  you  try  to 
pay  for  something,  even  if  you  pay  in  cash. 

Even  Radio  Shack  finally  realized  that 
this  was  a  privacy  invasion  and  stopped 
doing  it.  For  these  stores  to  continue  to  ask 
(even,  like  today  at  my  local  computer/ 
electronic  store,  when  there  is  a  long  line 


of  people  waiting  to  pay)  is  annoying  but 
too  many  of  them  are  also  plain  stupid. 
When  I  tell  the  cashier  that  I  will  not  pro¬ 
vide  my  name,  he  has  to  pick  a  random 
person  from  the  database  because  there 
is  no  way  to  just  say  that  the  customer 
refused  to  provide  the  information. 

Thus  the  store  never  finds  out  how  many 
people  do  not  want  to  provide  the  infor¬ 
mation. They  also  corrupt  the  information 
in  their  databases  by  assigning  my  pur¬ 
chases  to  someone  else. That  is  stupid. 

Well,  happy  holiday  season  anyway.  I 
hope  you  had  more  fun  shopping  —  if 
that  is  something  you  do  —  than  I  did. 

Disclaimer:  I  did  not  ask  the  B-School 
what  its  opinion  is  about  forced  accounts 
or  other  business  stupidities,  so  the  above 
is  my  own  holiday  rant. 

Bradner  is  a  consultant  with  Harvard 
University's  University  Information  Sys¬ 
tems.  He  can  be  reached  at  sob@sobco. 
com. 


Search 

continued  from  page  21 

The  Atomz  software  lets  site  visitors 
search  for  an  item  such  as  shoes  and  then 
use  subcategories  —  such  as  size,  color, 
price  and  brand  —  to  narrow  the  results. 

Urban  Outfitters  deployed  the  Atomz- 
powered  search  tools  in  August  and 
launched  a  redesigned  version  in  No¬ 
vember.  In  the  first  phase  of  the  rollout, 
the  site  featured  a  lot  of  drop-down 
menus  that  hid  selections  from  visitors. 
Then  Atomz  suggested  displaying  the 
lists  of  items  in  the  drop-down  menus 
rather  than  requiring  users  to  click  on 
the  menus. 

Now  users  are  more  likely  to  take  advan¬ 
tage  of  the  exposed  links,  Hayne  says. 
“That’s  the  world  of  the  Web.  Minor  tweaks 
can  make  a  world  of  difference,”  he  says. 

Fingerhut,  too,  noticed  an  immediate 
change  when  it  tackled  its  site  search  prob¬ 
lems  —  problems  the  catalog  and  Web 
retailer  didn’t  know  existed  until  it  de¬ 
ployed  Web  analytics  software  from 
Coremetrics. 

The  analytics  software  called  attention  to 
a  huge  number  of  Web  searches  that 
turned  up  zero  results  for  customers,  says 
Mike  Sidders,  director  of  e-commerce  and 
new  customer  acquisition  at  Fingerhut  in 
Minnetonka,  Minn. 

Sidders  knew  Fingerhut’s  search  tools 
were  rudimentary,  but  he  had  no  idea 
how  many  customers  were  turned  away 
by  it.  “Without  that  visibility,  we  never 
would  have  known  how  bad  it  was,  and 
we  wouldn’t  have  taken  the  steps  as 
aggressively  as  we  did  to  salvage  that  por¬ 
tion  of  our  business,”  he  says. 

By  tackling  the  search  gaps  over  the  last 
several  months,  Fingerhut  has  increased 
conversion  rates  among  shoppers  who  use 
the  search  tools  by  25%,  Sidders  says. 


Battling  abandonment 

Coremetrics’  statistics  also  helped  Finger¬ 
hut  tackle  another  pesky  Web  shopping 
problem:  abandoned  shopping  carts. 

More  than  half  (57%)  of  people  who  ini¬ 
tially  add  something  to  their  online  shop¬ 
ping  carts  abandon  those  carts  without 
making  a  purchase, according  to  Double- 
Click.The  firm  says  that  for  every  dollar  cus¬ 
tomers  spend  on  e-commerce  sites,  $4. 10  is 
left  in  abandoned  shopping  carts. 

By  streamlining  its  checkout  processes, 
Fingerhut  is  seeing  a  reduction  in  its  aban¬ 
doned  shopping  cart  rates,  Sidders  says. 

Likewise, TJX  Companies  is  making  a  play 


this  season  to  stop  the  cart-abandonment 
trend  before  it  has  a  chance  to  take  root  on 
its  new  e-commerce  sites. 

TJX  is  parent  to  eight  businesses  —  T.J. 
Maxx,  Marshalls,  HomeGoods,  A.J.  Wright 
and  Bob’s  Stores  in  the  U.S.;  Winners  and 
HomeSense  in  Canada;  and  T.K.  Maxx  in 
Europe.  It’s  had  marketing-focused  Web 
sites  for  some  of  its  brands  in  the  past,  but 
no  e-commerce  sites. 

In  September, TJX  made  its  first  foray  into 
online  sales,  launching  e-commerce  sites 
for  T.J.  Maxx  and  HomeGoods.  One  tech¬ 
nology  TJX  deployed  is  a  single-screen 
checkout  application  from  Molecular. 

The  intent  is  to  avoid  complicated  and 
lengthy  checkout  processes  that  can  turn 
off  customers.  In  the  retailer’s  physical 
stores,  easy  checkouts  are  imperative,  says 
Sherry  Lang,  vice  president  of  investor  and 
public  relations  atTJX.“For  us,  using  an  eas¬ 


ier,  more  efficient,  more  convenient  check¬ 
out  system  out  on  the  Web  was  a  natural 
progression,” she  says. 

Molecular’s  Single-Screen  Checkout  tech¬ 
nology  puts  the  entire  checkout  process  — 
from  adding  and  adjusting  items  in  the 
shopping  cart  to  entering  credit-card  infor¬ 
mation  —  on  a  single  page. That  page  is 
displayed  as  a  separate  window  that  opens 
when  an  item  is  added  to  the  cart,  so  users 
don’t  need  to  leave  the  Web  page  to  which 
they  navigated. 

In  addition,  as  items  are  added  to  or 
deleted  from  the  cart,  Molecular’s  software 
calculates  tax  and  shipping  costs.  Unex¬ 


pectedly  high  shipping  costs  —  which 
retailers  often  do  not  reveal  until  near  the 
end  of  the  checkout  process  —  is  one  rea¬ 
son  for  shopping  cart  abandonment,  ana¬ 
lysts  say 

Marketing  finesse 

For  Musicland  Group,  its  latest  e-com¬ 
merce  challenge  is  effective  marketing.This 
season,  the  Minneapolis  retailer  —  which 
sells  music,  movies  and  entertainment- 
related  products  through  900  retail  stores 
and  online,  under  the  names  Sam  Goody 
Suncoast  and  Media  Play  —  decided  to  try 
something  different  to  attract  the  coveted 
teen  demographic. 

Since  October,  Musicland  has  been  pilot¬ 
ing  a  real-time  alerting  service  from 
MessageCast.  The  service  lets  subscribers 
receive  instant  messages  on  their  cell 
phones,  PDAs  and  desktops,  depending  on 


their  preferences. 

MessageCast  alerts  combine  product 
news,  such  as  the  availability  of  a  new  CD 
or  DVD,  with  content  such  as  the  latest 
scoop  on  celebrities  and  entertainers, 
says  Brian  Miller,  vice  president  of  market¬ 
ing  at  Musicland. 

MessageCast  broadcasts  its  LiveMessage 
alerts  over  Microsoft’s  MSN  Alerts  Network. 
Consumers  are  in  control  of  how  messages 
get  delivered:  Subscribers  can  opt  to  have 
alerts  sent  to  their  desktops  if  they’re  online 
or  to  an  e-mail  account  or  a  mobile  phone 
when  they’re  offline. 

Because  the  MessageCast  service  is 
built  atop  Microsoft’s  messaging  infra¬ 
structure,  Microsoft  maintains  control  of 
each  subscriber’s  personal  information. 
As  the  broadcast  engine,  all  MessageCast 
sees  is  encrypted  subscriber  codes,  says 
Royal  Farros,  CEO  of  MessageCast. 
“Microsoft  has  the  subscribers’  informa¬ 
tion.  Not  us,  and  not  even  Musicland,” 
Farros  says. 

That’s  something  that  appeals  to  privacy- 
cautious  subscribers.  “Consumers  are  get¬ 
ting  more  savvy  about  with  whom  and  how 
they  share  their  information,”  he  says. “This 
is  a  way  to  reach  some  people  who  are 
skeptical  about  the  whole  thing.”* 


More  online! 


For  more  details  on  these  and  other  retailers' 
new  technology  implementations,  see  our 
online  Holiday  Prep  series. 
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■  WIRELESS  ■  REGULATORY  AFFAIRS  ■  CARRIER  INFRASTRUCTURE  DEVELOPMENTS 


Takes 

■  FiberNet  Telecom  last  week 
agreed  to  acquire  Con  Edison 
Communications,  a  subsidiary  of 
utility  Consolidated  Edison,  for 
approximately  $37  million.  Con  Ed 
Communications  provides  managed 
network  services  in  the  New  York  met¬ 
ropolitan  area.  FiberNet  is  a  managed 
service  provider  with  OC-192  and 
Gigabit  Ethernet  SONET  rings  in  New 
York,  Chicago  and  Los  Angeles.  Fiber- 
Net  says  the  Con  Ed  Communications 
deal  will  more  than  double  its  revenue, 
which  was  $26.6  million  in  2003. 

■  Competitive  local  exchange  carrier 
TeiCove  last  week  announced  the 
addition  of  higher-bandwidth  products 
to  its  fiber-optic  metropolitan,  intercity 
and  wave  services  offerings.  The  new 
OC-192  and  10G  wavelength  services 
join  previously  available  OC-48  and 
2.5G  products.  TeiCove  also  offers  a 
variety  of  storage  networking  connec¬ 
tions  that  include  Fibre  Channel, 
Enterprise  Systems  Connectivity, 

Fiber  Connectivity  and  Geographically 
Dispersed  Parallel  Sysplex.  TeiCove, 
which  was  formerly  a  subsidiary  of 
Adelphia  Communications  and 
emerged  from  bankruptcy  protection 
earlier  this  year,  serves  about  50  mar¬ 
kets  in  the  eastern  half  of  the  country. 

■  Qwest  has  announced  that  it  is 
expanding  its  business  VoIP  service 
nationwide.  Qwest  OneFlex  services 
are  now  available  in  more  than  100 
cities  across  the  U.S.  It  had  been  in 
only  26  markets.  Qwest  launched 
OneFlex  in  August.  Services  include 
OneFlex  Integrated  Access,  which 
lets  business  customers  bundle  their 
voice  and  data  services  over  one 
Internet  connection;  and  OneFlex 
Flosted  VoIP,  a  hosted  service  that 
comprises  local  and  long-distance 
voice  and  high-speed  Internet  ac¬ 
cess.  The  carrier  also  offers  another 
VoIP  service  called  IP  Centrex 
Prime.  This  lets  enterprise  cus¬ 
tomers  with  traditional  Centrex  ser¬ 
vices  migrate  from  their  PBX  con¬ 
nections  to  a  VoIP  service  while 
retaining  the  call  quality  and  reliabil¬ 
ity  of  a  PBX,  Qwest  says. 


Utility  services  seen  gaining  steam 

Savvis  customers  cite  flexibility,  cost  savings  as  key  attractions. 


■  BY  CAROLYN  DUFFY  MARSAN 

Sawis  Communications,  a  Web  hosting 
company  that  earlier  this  year  purchased 
the  assets  of  bankrupt  carrier  Cable  & 
Wireless,  is  reporting  significant  customer 
interest  in  its  new  utility  network  services. 

Savvis  says  it  has  attracted  more  than  50 
customers  for  its  virtualized  server  and 
storage  services  since  the  offerings 
became  available  in  April.  Meanwhile, 
Savvis  has  deployed  its  virtualized  security 
and  network  services,  including  firewalls, 
load  balancing  and  Web  acceleration  for 
400  customers  since  last  year. 

Companies  can  purchase  Sawis’  virtual¬ 
ized  services  on  a  monthly  basis,  increas¬ 
ing  or  decreasing  the  amount  of  compute 
power  or  storage  space  they  need  depend¬ 
ing  on  seasonal  changes  in  their  busi- 


■  PROFILE:  SAWIS 


Headquarters:  St.  Louis 

Number  of  employees:  1,700 

Aquisitions:  Cable  &  Wireless 
America  in  February  2004; 

WAMINET  in  August  2003 _ 

Revenue:  $600  million 

Customers:  6,000 
CEO:  Robert  McCormick 

Network  capabilities:  On-demand 
compute,  storage,  security  and 
network  services. 

nesses.  Industry  analysts  say  Sawis  has 
done  a  better  job  of  turning  its  virtualized 
services  into  an  off-the-shelf  offering  than 
competitors. 


“Everybody  has  something  that  they  call 
utility  computing  or  virtualization,  but  as 
far  as  I  know  this  is  the  first  productized, 
packaged  service  out  there  in  the  market,” 
says  Melanie  Fbsey  an  analyst  with  1DC. 
“Other  service  providers  offer  you  that 
capability  as  well,  but  since  Sawis  has  pro¬ 
ductized  the  offering  it’s  more  automated 
and  it’s  not  like  doing  a  customized  deal 
for  each  customer!’ 

Most  Sawis  customers  are  in  the  finan¬ 
cial  services  and  media  industries,  says 
CEO  Robert  McCormick. 

“Sawis  delivers  voice,  data,  computing 
and  storage  services  in  a  pay-as-you-go 
model. We  have  a  private  global  network  in 
47  countries,  and  we  give  our  customers 
virtual  slices  of  massive  carrier-grade 
servers,”  McCormick  says. 

See  Sawis,  page  24 


Switch  start-up  enhances  aggregation 

Hammerhead  seeks  to  meld  benefits  of  Layer  2/3  technologies. 


■  BY  JIM  DUFFY 

Hammerhead  Systems  last  week  en¬ 
hanced  its  multiservice  switch  with  soft¬ 
ware  the  company  says  will  improve  a  cus¬ 
tomers’  ability  to  aggregate  Layer  2  ser¬ 
vices,  such  as  Ethernet,  as  they  migrate  to 
Multi-protocol  Label  Switching. 

Hammerhead’s  Layer  2.5  Aggregation 
Switch  software  for  its  HSX  6000  uses  the 
pseudowire  and  Dry  Martini  techniques  to 
merge  Layer  2  operations  and  interworking 
methods  with  Layer  3  application  aware¬ 
ness,  the  company  says.  Pseudowire  emu¬ 
lates  physical  connections  using  a  service 
ID  label  that  defines  the  traffic  type  and 
QoS  parameters;  Dry  Martini  extends 
pseudowire  to  work  over  any  infrastruc¬ 
ture,  such  as  SONET  and  ATM  —  not  just 
MPLS. 

Dry  Martini  is  based  on  the  IETFs  Draft 
Martini  specification  for  integrating  Layer  2 
services  onto  an  MPLS  core.  (The  martini 
wordplay  is  a  bow  to  Luca  Martini,  the  Level 
3  engineer  who  conceived  of  a  way  to  link 
legacy  Layer  2  traffic,  such  as  frame  relay 
and  ATM,  to  IP/MPLS  backbones  networks.) 

Hammerhead  says  its  HSX  6000  is  in  lab 
trials  for  pseudowire,  Ethernet  and  Layer 
2.5  aggregation  applications,  and  that  the 
company  is  driving  the  pseudowire  Dry 
Martini  technical  drafts  through  the  IETF 


for  standardization. 

The  Layer  2.5  aggregation  feature  is  par¬ 
ticularly  targeted  at  improving  Ethernet  ag¬ 
gregation  for  business  and  consumer 
broadband  services.The  HSX  6000  is  based 
on  an  Ethernet  service  architecture,  Ham¬ 
merhead  says,  with  support  for  native 
Gigabit  Ethernet  and  Ethernet-over-SONET. 

The  HSX  6000  also  can  be  used  for  three 
aggregation  applications: 

•  High-density  fan-in  of  traffic  across  a 
range  of  new  and  legacy  service  interfaces, 
media  and  speeds. 

•  Grooming  and  service-level  details  ac¬ 
ross  a  range  of  applications  and  protocols. 

•  Trunking  across  an  ATM  or  MPLS  back¬ 
bone  and  control  plane. 

The  HSX  6000  also  features  a  service 
interworking  capability  for  providers  look¬ 
ing  to  roll  out  Ethernet  services,  such  as 
point-to-point  E-Line, to  existing  frame  relay 
and  ATM  customers.  Hammerhead’s  ser¬ 
vice  interworking  capability  supports  more 
than  1  million  flows  on  one  switch. 

Layer  2/3  integration  also  is  embodied  in 
the  switch’s  dual  MPLS  and  ATM  control 
planes.  This  is  intended  to  provide  native 
signaling  and  route  control  of  MPLS  paths 
and  ATM  virtual  circuits. 

Hammerhead’s  Layer  2.5  aggregation 
capabilities  will  compete  with  the  multiser¬ 
vice  edge  aggregation  features  of  switches 


from  Lucent  and  Nortel,  and  routers  from 
Cisco  and  Juniper. Traditional  routers  excel 
at  IP  packet  forwarding,  application  aware¬ 
ness  and  processing  of  higher-order  VPN 
services,  but  carry  higher  cost  and  com¬ 
plexity  and  incomplete  support  for  legacy 
services  and  deterministic  QoS  guarantees, 
Hammerhead  says. 

Layer  2  multiservice  switches,  mean¬ 
while,  offer  the  necessary  Layer  2  opera¬ 
tional  attributes  and  QoS,  but  fail  to  effec¬ 
tively  support  the  array  of  Ethernet  services 
and  IP  application  awareness,  Hammer¬ 
head  says. 

Hammerhead  says  the  Layer  2.5  Aggrega¬ 
tion  Switch  software  is  included  in  the  pur¬ 
chase  of  a  HSX  6000  switch.  It  will  be  avail¬ 
able  in  the  first  quarter  of  2005.  ■ 
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EYE  ON  THE 
CARRIERS 

Johna  Till 
Johnson 


No  question  about  it, we’ve  entered  the 
era  of  the  virtual  workplace.  While 
companies  have  talked  for  years 
about  the  concept  of  enabling  workers  to 
work  from  anywhere,  2004  marks  a  mile¬ 
stone  in  actually  achieving  that  goal. 
Nemertes  Research  recently  quantified  a 
nine-fold  increase  in  “virtual  workers” — 
those  who  reside  in  separate  locations 
from  their  managers  —  over  the  past  five 
years.That  means  more  salespeople  out  in 
the  field  with  prospects  and  customers; 
more  geographically  independent  contact 
centers;  and  more  knowledge  workers 
working  at  home. 

But  this  geographic  independence  has  its 


The  costs  and  benefits  of  remote  workers 


price  —  one  with  which  network  man¬ 
agers  might  be  well  aware.  Up  to  40%  of  an 
organizations  telecom  costs  can  be  linked 
to  supporting  these  remote  workers. 
Cellular  services,  digital  wireless  offerings, 
and  remote-office  Internet  and  VPN  access 
can  cost  a  company  nearly  as  much  as  its 
traditional  frame  relay  and  voice  services. 

Moreover,  its  tougher  to  provide  IT  ser¬ 
vices  to  remote  workers.  Employees  in  main 
offices  have  access  to  extensive  IT  support, 
but  employees  in  remote  or  home  offices 
often  have  limited  options  when  it  comes 
to  PC  meltdowns  or  network  problems. 

While  software  is  available  to  enable 
remote  teams  to  collaborate  effectively  it 
too  has  its  price.  Audioconferencing,  video- 
conferencing,  Web  conferencing  and  pres¬ 
ence  capabilities  can  cost  an  organization 
hundreds  of  dollars  per  employee  to 
deploy  And  for  these  tools  to  be  effective, 
every  employee  —  not  just  remote  workers 
—  needs  to  have  them. 


So  if  having  virtual  workers  increases  a 
company’s  network,  support  and  collabo¬ 
ration  costs,  does  it  make  sense  for  compa¬ 
nies  to  move  in  this  direction  at  all? 
Actuallyyes.There  are  several  major  advan¬ 
tages  to  actively  promoting  a  virtual  work¬ 
force,  including: 

•  Dramatically  lower  facilities  costs.  It 

costs  between  $10,000  and  $20,000  per 
year  to  house  an  employee  in  an  office  in 
a  major  metropolitan  area,  and  between 
$6,000  and  $10,000  to  do  so  in  a  smaller 
city  Moving  employees  out  of  headquarters 
and  into  remote  or  home  offices  can  save 
companies  millions  of  dollars  per  year.  And 
keep  in  mind,  these  numbers  dwarf  the 
cost  of  IT  support  for  these  employees. 

•  Increased  agility.  Minimizing  the 
impact  of  geography  lets  employees  be 
closer  to  customers  and  prospects  and 
eliminates  the  need  to  relocate  key  em¬ 
ployees  in  response  to  organizational 
changes.  (Just  because  you  now  report  to 


someone  in  Miami  doesn’t  mean  you  have 
to  move  there.) 

•  Increased  employee  retention.  I’ve  spo¬ 
ken  to  large  organizations  that  have  effec¬ 
tively  stopped  requiring  employees  to  move 
to  be  closer  to  their  bosses.  A  side  advan¬ 
tage  is  that  employees  stay  longer,  and  their 
institutional  knowledge  is  maintained. 

The  biggest  challenges  to  managing  vir¬ 
tual  workers  are  cultural.  Some  employees 
“go  Dilbert”  —  they  stop  working  when 
they’re  out  of  eyesight  of  their  managers. 
For  others,  losing  the  structure  and  protec¬ 
tion  of  a  workday  that  actually  starts  and 
ends  means  they’ll  work  24/7  until  they  hit 
burnout.  Managers  need  to  know  how  to 
cope  with  both  types:  Real-time  collabora¬ 
tion  tools  can  help  there,  too. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


Sawis 

continued  from  page  23 

During  the  past  six  months,  Sawis  has 
deployed  308  virtual  servers,  61. 5T  bytes  of 
virtual  storage  and  658  virtual  firewalls. 

The  virtualized  offerings  are  selling  “far 
better  than  we  anticipated  when  we 
launched  in  April,”  McCormick  says,  adding 


■  BY  GRANT  GROSS 

WASHINGTON,  D.C.— The  FCC  last  week 
adopted  new  rules  about  what  parts  of 
incumbent  telephone  carrier  networks 
must  be  shared  with  competitors,  back¬ 
tracking  on  an  earlier  decision  that  force 
incumbents  to  share  local  switching  facili¬ 
ties  in  the  residential  market. 

The  new  regulations,  an  attempt  to 
respond  to  a  March  decision  by  the  U.S. 
Court  of  Appeals  for  the  D.C.  Circuit  that 
overturned  parts  of  the  FCC’s  Unbundled 
Network  Element  (UNE)  rules,  were  criti¬ 
cized  by  AT&T,  which  competes  with  the  in¬ 
cumbents  in  some  residential  markets. 
AT&T  says  the  decision  to  no  longer  require 
the  incumbent  carriers  to  share  mass-mar¬ 
ket  switching  facilities  at  discounted  rates 
“fails  to  secure  access  to  monopoly  facili¬ 
ties  essential  to  competition.” 

AT&T  also  objects  to  the  FCC’s  decision 
to  limit  the  sharing  of  some  high-capacity 
DS-1  and  DS-3  network  loops  in  the  busi¬ 
ness  market. 

Last  week’s  order,  on  a  3-2  FCC  vote,  revis¬ 
es  the  FCC’s  February  2003  triennial  review 
decision  on  where  competitors  of  large 
incumbent  telephone  carriers  —  the 


that  half  the  customers  of  this  service  are 
former  C&W  or  Sawis  customers  and  the 
other  half  are  new  “They’ve  completely 
sapped  the  energy  away  from  our  other 
hosting  products.” 

Sawis  has  automated  the  delivery  of  vari¬ 
ous  IP  services  such  as  servers,  storage  and 
load  balancing  that  it  provides  on  an  out¬ 
sourced  basis.  Sawis  handles  all  the  net¬ 


regional  Bells  —  are  significantly  impaired. 
Competitive  local  exchange  carriers 
(CLEC)  have  access  to  fewer  pieces  of  the 
Bells’  networks  with  the  decision. 

The  UNE  rules  were  designed  to  foster 
competition  and  force  the  four  large  re¬ 
gional  Bells  to  share  parts  of  their  networks 
they  inherited  after  the  government-forced 
breakup  of  the  original  AT&T  monopoly  in 
the  early  1980s.  Last  week’s  decision  lets 
the  UNE  rules  continue  where  competitors 
have  “no  other  viable  way  to  compete,"  and 
it  complies  with  the  appeals  court  ruling, 
says  FCC  Chairman  Michael  Powell,  who 
opposed  much  of  the  2003  order. 

Last  week’s  action  will  drive  CLECs  to  in¬ 
vest  in  their  own  facilities,  Powell  says.'This 
item  decidedly  does  not  attempt  to  make 
all  sides  happy/’  he  says.“Consequently  one 
will  undoubtedly  hear  the  tortured  hand- 
wringing  by  incumbents  that  they  are 
wrongly  being  forced  to  subsidize  their 
competitors.  Conversely  one  can  expect  to 
hear  dire  predictions  of  competition’s 
demise  from  those  who  wanted  more  from 
this  item.Time  will  show  this  will  not  be  so.” 

BellSouth,  Verizon  and  SBC  praised  the 
FCC’s  switching  decision,  but  objected  to 
its  decision  on  DS-1  and  DS-3  loops.  ■ 


work  management  and  maintenance, 
while  customers  pay  for  a  certain  level  of 
performance  to  be  delivered. 

“This  lets  you  launch  a  new  application 
without  the  upfront  capital  needs,” 
McCormick  says.  “Here  you  rent  the  stuff 
and  get  into  your  new  business  without  a 
big  investment  in  IT’ 


1 1  This  lets  you  launch 
a  new  application 
without  the  upfront 
capital  needs.)  1 

Robert  McCormick 

CEO,  Sawis 


Sawis  has  built  its  virtualized  services 
through  partnerships  with  several  hot 
technology  vendors  including:  blade 
server  supplier  Egenera,  network  security 
vendor  Inkra  Networks,  utility  storage 
array  maker  3PAR  and  network  equip¬ 
ment  supplier  Nortel.  These  companies 
contribute  the  virtualization  technologies 
that  power  the  Sawis  virtualized  services 
delivery  platform. 

The  Sawis  offerings  are  proving  to  be  an 
attractive  alternative  to  traditional  Web 
hosting  or  collocation  services,  which 
require  customers  to  buy  their  own  equip¬ 
ment  and  rent  rack  space.  Sawis’  network 
infrastructure  is  partitioned  at  the  hardware 
level  to  ensure  security,  much  as  the  way 
mainframes  were  operated  years  ago. 


Customers  of  Sawis’  virtualized  network 
services  say  they  are  interested  in  reducing 
their  IT  budgets. 

“We  will  double  our  business  in  2005,  and 
at  the  same  time  we  will  reduce  our  IT 
costs  around  25%, ”  says  William  Thomas, 
president  and  CEO  of  Innovest  Systems,  a 
New  York  financial  services  firm  that 
recently  signed  up  for  Sawis’  new  virtual¬ 
ized  network  services. 

“For  me,  it  became  about  having  just-in- 
time  inventory/’  Thomas  says.  “We  have  the 
resources  to  adjust  to  peaks, and  we  have  it 
quickly  But,  just  as  importantly,  we  can  con¬ 
tract  back  down  from  there.” 

Deluxe  Laboratories,  a  DVD  production 
company  in  Burbank,  Calif.,  has  been  a 
Sawis  customer  for  three  years.  Deluxe 
recently  chose  Sawis’  virtualized  network 
services  to  support  an  acquired  business 
that  the  company  isn’t  sure  how  fast  will 
grow. 

“It’s  total  risk  reduction,”  says  Mark  Winter, 
executive  vice  president  of  IT  at  Deluxe.  “I 
don’t  have  to  worry  about  headcount 
because  all  of  our  IT  services  are  under 
one  umbrella.  I  can  focus  on  business  and 
not  focus  on  technology’ 

Winter  says  Deluxe  has  saved  “at  least  half 
a  million  dollars”  by  migrating  off  old 
equipment  to  the  new  Sawis  service.“If  this 
business  starts  to  grow,  our  savings  would 
significantly  increase  because  we  can 
incrementally  increase  storage  and  server 
blades,”  he  says.“We  don’t  have  to  buy  more 
than  we  need.” 

Posey  warns  IT  executives  that  they  need 
to  have  a  good  understanding  of  their  IT 
costs  to  see  the  savings  from  virtualized 
network  services  that  Sawis  touts. 

“If  you  don’t  have  a  good  idea  of  what 
your  costs  are  now,  you  won’t  be  able  to 
quantify  the  savings  you’ll  see  from  moving 
to  Sawis,”  Posey  says.'That’s  been  a  big  dis¬ 
appointment  for  customers  of  utility  ser¬ 
vices  —  that  they  didn’t  have  a  good 
benchmark  to  measure  the  savings.”* 


FCC’s  network-sharing 
ruling  gets  mixed  reviews 
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MIDDLEWARE  IS  IBM  SOFTWARE.  Identity  management 
software  that  uses  single  sign-on  technology  to  ensure  that 
the  right  access  is  given  to  the  right  people.  Open,  modular 

Tivoli  security  software  that  automates  processes  between 
employees,  partners,  customers  and  suppliers  -  while  j 
helping  to  reduce  costs.  It’s  how  everyone  involved 
gets  the  information  they  need.  On  time.  And  on  demand.  ; 

1.  Buyer  downloads  competitive  pricing. 

2.  Manager  securely  retrieves  invoices. 

3.  Driver  obtains  specific  delivery  details. 

4.  Ex-vendor  denied  access  to  intranet. 

5.  Customer’s  identity  protected  from  theft. 

Middleware  for  the  on  demand  world.  Learn  more  at  ibm.com/middleware/identity  [jUJ  DEMAND  BUSINESS 
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1.  Sales  associate  checks  online  inventory. 

2.  Manager  uploads  revenue  goals. 

3.  Supervisor  gets  employee  overtime  info. 

4.  Cashier  IMs  downtown  store  location. 

5.  Everyone  accessing  info  via  one  portal. 


Middleware  for  the  on  demand  world.  Learn  more  at  ibm.com/middleware/portals 
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MIDDLEWARE  IS  IBM  SOFTWARE.  WebSphere  Portal, 
part  of  the  IBM  Workplace  Family,  connects  partners, 
employees,  and  customers  worldwide.  It’s  how  to  access 
multiple  applications  on  one  screen  and  on  virtually  any 
kind  of  device.  An  end-to-end  solution  that  helps  improve 
productivity  and  reduce  costs  as  it  enables  on  demand 
business.  It’s  an  accessory  that  you  just  can’t  live  without. 
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Small  firms  struggle  with  WLAN  security 


a  BY  TONI  KISTNER 

Richard  Sheridan  loves  Thomas  Edison, 
hates  wires  and  until  recently  was  thwarted 
by  his  wireless  network. 

His  software  design  firm,  Menlo  Innova¬ 
tions  in  Ann  Arbor,  Mich.,  is  rooted  in  the 
principles  Edison  espoused  in  his  Menlo 
Software  factory  in  Menlo  Park,  N.J. 
Housed  in  an  open  space,  its  40  software 
developers  work  elbow  to  elbow  at  large 
tables;  groups  form  and  disperse  as  pro¬ 
jects  dictate. 

“Edison  counted  on  people  overhearing 
each  other  so  they  could  share  ideas  with¬ 
out  more  meetings,”  Sheridan  says. 

But  network  cables  and  computer  wiring 
were  anathema  to  Sheridans  vision. So  two 
years  ago,  Sheridan  plugged  a  wireless 
router  into  Menlo’s  network.  He  didn’t  con¬ 
sider  that  Cafe  Verde  next  door  had  a  wire¬ 
less  network,  too. 

Within  15  minutes,  Sheridan  discovered 
the  cafe’s  patrons  were  riding  his  connec¬ 
tion.  He  shut  down  the  wireless  network. 

“In  most  people’s  minds,  security  is  a  the¬ 
oretical  concern,”  Sheridan  says.  “We 
thought  it  can’t  happen  to  us,  then  we  real¬ 
ized  we  were  quite  vulnerable.”  Unlike  in 
many  small  firms,  everyone  at  Menlo  can 
handle  network  administration  tasks.  The 
group  rotates  the  work  among  four  people. 

Sheridan  needed  to  restrict  access  from 
accidental  wireless  LAN  (WLAN)  tourists 
and  manage  the  dynamic  flow  of  office  vis¬ 
itors  who  require  a  wireless  connection. 
First,  he  considered  restricting  WLAN 
access  by  network  card  media  access  con¬ 
trol  (MAC)  address,  but  that  made  adds, 
moves  and  changes  cumbersome.  “We 
wanted  something  that  didn’t  require  a  lot 
of  support,”  he  says,  adding, “we  didn’t  want 
to  lose  too  many  billable  hours.” 


All  options  required  more  support  and 
maintenance  than  Sheridan’s  team  could 
give,  so  the  company  remained  “shackled” 
to  the  network  until  three  months  ago, 
when  Menlo  began  trialing  InterLink’s 
LucidLink  802.11  security  software. 

LucidLink  provides  enterprise-level  net¬ 
work  security  and  access  control  but 
hides  the  configuration  details  behind  a 

LucidLink  product  update 


handful  of  easy  setup  screens.  When  a 
new  user  tries  connect  to  the  wireless  net¬ 
work,  he’s  prompted  to  create  a  user  ID  by 
typing  in  his  name.  When  he  hits  “OK,”  the 
request  is  sent  to  an  access  point,  where 
an  Extensible  Authentication  Protocol  key 
exchange  takes  place  between  the  access 
point  and  the  server. 

The  exchange  generates  an  eight-digit 
authentication  code  that  is  sent  to  the  user 
and  administrator. The  system  prompts  the 
user  to  provide  his  authentication  code.  If 
the  codes  match,  the  administrator  will 
authenticate  the  user. 


The  administrator  uses  the  console  to 
manage  the  user  list.  You  can  set  access 
authorization  dates,  and  deny  permission 
and  then  allow  it  at  a  later  date,  which  is 
useful  for  managing  recurring  visitors. 

Another  Ann  Arbor  firm  in  similar  straits 
was  Ardesta.  Its  half-dozen  employees  were 
all  tech-sawy  and  time-constrained,  but 
because  of  his 


IT  background,  most  network  management 
tasks  fell  to  Ardesta  director  Jeff  Rinvelt. 

Ardesta,  which  funds  micro-electro- 
mechanical  systems  and  nanotechnology 
start-ups,  has  a  small  office  on  the  campus 
of  the  firms  it  supports.  Most  handle  their 
own  IT  tasks,  but  they  all  share  a  common 
T-l  line,  phone  system  and  network  infra¬ 
structure,  switches,  and  a  firewall  with 
Ardesta.  Management  of  common 
resources  also  falls  to  Rinvelt,  who’d  much 
rather  do  his  “real”  job,  growing  start-ups. 

Rinvelt  says  he  “knew  enough”  not  to  put 
in  a  wireless  router.  “We  have  financial  data, 


IP  trade  secrets.  That  IP  is  their  business,  it 
just  didn’t  make  sense.” 

But  over  time,  Rinvelt  buckled  to  the  pres¬ 
sure  of  colleagues  and  visitors  demanding 
wireless  access.  Board  meetings,  especially 
were  a  problem.  “Very  important  people 
drive  up  in  their  limos  with  all  their  toys 
and  they  want  Internet  access,”  Rinvelt 
says.“We  can’t  say  no.” 

In  weighing  his  op¬ 
tions,  Rinvelt  knew  he 
didn’t  want  to  deal  with 
the  administrative 
headaches  of  routing 
wireless  traffic  through 
a  VPN  or  to  buy  new 
Cisco  equipment.  Nor 
did  he  want  to  deal 
with  Wired  Equivalent 
Privacy  or  Wi-Fi 
Protected  Access 
encryption,  daunted  by  rotating  keys  and 
confusing  encryption  protocols.  “If  1  don’t 
keep  things  as  simple  as  possible,  I’m  going 
to  be  really  miserable,”  he  says. 

Because  he  couldn’t  find  a  good  solution 
for  adding  and  removing  users  quickly 
Rinvelt  connected  an  unsecured  wireless 
router  to  the  network  outside  the  firewall. 
This  gave  visitors  easy  ’Net  access,  and  let 
employees  connect  to  the  network 
through  the  firewall  over  a  VPN. 

“Outside  people  stopped  complaining. 
But  we  exposed  the  access  point  connect¬ 
ed  to  our  T-l  to  the  Internet,”  he  says.  “We 
were  just  asking  for  something  to  happen.” 

Now  with  LucidLink  installed  on  an  extra 
workstation  server,  Rinvelt  can  manage 
changes  quickly  and  easily  focus  on  his 
real  job  and  keep  the  network  safe.  Looking 
back,  Rinvelt  says,  “A  lot  of  times  you  do 
things  against  your  common  good 
because  you  just  have  to.”  ■ 


Here’s  what’s  new  in  Version  2.0  and  a  glimpse 
at  new  features  coming  in  January: 

•  Support  for  Windows  2000  in  addition  to  Windows  XP. 

•  Supports  up  to  250  users. 

•  Remote  console  capability  lets  you  run  LucidLink  in  the 
server  room  and  manage  it  remotely.  Service  providers  can 
manage  LucidLink  remotely  for  their  customers. 

Coming  soon: 

•  Autoconfiguration  tool  will  support  more  D-Link  and 
Linksys  wireless  devices,  including  routers,  and 
additional  vendors'  equipment. 

•  Expanded  client  support  will  include  non-Windows  plat¬ 
forms  such  as  Linux,  Mac  and  some  handheld  platforms. 


Menlo  Innovations  storefront 
is  adjacent  to  Cafe  Verde, 
which  offers  Wi-Fi  access. 
Adding  an  unsecured  wireless 
router  gave  cafe  patrons 
misbegotten  access  to  Menlo’s 
corporate  network. 


m  DSL  rollouts  have  increased  39% 
worldwide  in  the  first  nine  months  of 
2004  to  85.3  million  subscribers, 
according  to  new  research  from 

Point  Topic  for  the  DSL  Forum.  In 

N;  ;rth  America,  DSL  gained  3.5  million 
new  subscribers  in  the  first  nine 
months  of  2004  to  reach  15.1  million. 


The  U.S.  added  3.2  million  to  reach 
12.6  million.  In  Canada,  DSL  has  48% 
market  share  after  adding  120,000 
subscribers.  By  February  2005  the 
number  of  DSL  subscribers  worldwide 
will  reach  100  million,  DSL  Forum 
President  Tom  Starr  predicts. 

■  Axis  Communications  and  Net- 

gear  have  joined  to  offer  small  busi¬ 
ness  IP-surveillance  systems.  Axis  is 
bundling  its  network  cameras  with 


Netgear  ProSafe  Power  over  Ethernet 
switches.  Powering  the  cameras  via 
the  Ethernet  cable  lowers  installation 
costs  by  eliminating  the  need  to  place 
cameras  near  power  outlets  and  lets 
you  centrally  back  up  the  cameras 
using  a  UPS  in  case  of  power  outages. 
The  Axis  211  camera  costs  $800;  the 
Netgear  eight-port  Desktop  Switch 
with  PoE  (FS108P)  costs  $181;  the 
Netgear  24-port  Managed  Switch  with 
two  Gigabit  ports  and  PoE  (FSM7326P) 
costs  $1,750. 


■  U.S.  Robotics  has  announced 
the  Wireless  Network  Starter 
Kit.  The  bundle  includes  an  802.1 1g 
USB  adapter  and  four-port  router 
that  installs  in  three  steps,  the  com 
pany  says.  The  router  provides  an 
SPI  firewall,  Web  site  filtering, 
media  access  control  address 
authentication  and  Wired  Equiva¬ 
lent  Privacy  and  Wi-Fi  Protected 
Access  encryption.  Available  now, 
the  Wireless  Network  Starter  Kit 
costs  $99. 


www.nwfusion.com 


Change  management  reins  in  SANs 


HOW  IT  WORKS 


SAN  change  management  software 

Change  management  software  for  storage-area 
networks  identifies  and  analyzes  errors  and  vulnera¬ 
bilities  before,  during  and  after  change  implementation. 

O  Change  management  server 
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administrator 
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O  A  change  management  server  continuously  acquires  configuration  data,  including  SAN  raw  data,  zones,  masks, 
fabrics,  switch  status  and  connectivity  information  from  a  SAN,  and  stores  it  in  a  configuration  data  repository. 

©  The  change  management  server  transfers  data  from  the  repository  into  path  correlation,  change  identification 
and  impact  analysis  engines  that  transform  the  data  and  fill  the  SAN  intelligence  base  with  SAN  access  path 
change  identification,  vulnerabilities  and  violation  details. 

0  The  SAN  intelligence  base  enables  the  administrator  to  troubleshoot  problems,  check  compliance  and  documentation, 
audit  changes  and  recover  a  past  configuration  state. 

O  The  change  management  data  then  moves  through  the  GUI  that  the  administrator  uses  to  troubleshoot  SAN 
violations  using  a  root  cause  analyzer  that  recommends  a  solution.  The  administrator  uses  the  GUI  to  plan  and 
predict  the  effect  of  future  changes  with  the  help  of  the  simulation  engine. 


■  BY  RON  ALON 

Most  problems  in  storage-area  networks, 
including  those  that  are  the  most  difficult 
to  find  and  fix,  stem  from  SAN  changes 
that  cause  errors.  Someone  disconnects 
the  wrong  cable,  unbeknownst  to  SAN 
managers,  for  example;  or  a  storage  tech¬ 
nician  makes  a  typing  error  when  adding 
logical-unit-number  masking  for  a  new 
volume  but  managers  find  the  error  dur¬ 
ing  downtime. 

SAN  change  management  software  man¬ 
ages  SAN  change  and  growth  by  identify¬ 
ing  and  analyzing  errors  and  vulnerabili¬ 
ties  before,  during  and  after  change  imple- 
mentation.The  software  lets  administrators 
more  quickly  identify  and  repair  errors  in 
SANs,  predict  the  effect  of  planned 
changes  before  implementation,  monitor 
the  implementation  to  ensure  correct  exe¬ 
cution  and  gain  better  control  through 
change  processes  that  coordinate  activity 
among  dispersed  groups  responsible  for 
making  changes.  By  automating  these  pro¬ 
cesses,  organizations  can  gain  dramatic 
improvements  in  risk  and  cost  reduction  of 
their  SAN  environments. 

Without  SAN  change  management,  orga¬ 
nizations  are  challenged  to  manage  SAN 
changes  and  events  with  error-prone  and 
time-consuming  manual  techniques  and 
cumbersome  spreadsheets.  To  validate  the 
effect  of  a  zone  change,  for  example,  a  stor¬ 
age  administrator  has  to  compare  and  cor¬ 
relate  data  from  a  host  bus  adapter  details 
spreadsheet,  storage  masking  spreadsheet 
and  zoning  database.  As  a  result,  adminis¬ 
trators  spend  many  hours  managing 
changes  and  change-induced  problems, 
but  extra  manpower  can’t  solve  the  prob¬ 
lem.  A  storage  manager  must  understand 


how  a  single  change  in  a  SAN  can  affect 
several  thousand  paths. 

SAN  change  management  software  is 
composed  of  a  server  and  a  client  GUI  that 
can  be  executed  on  separate  machines. 
The  server  logic  comprises  an  impact 
analysis  engine,  change  identification 
engine  and  path  correlation  engine. 

First,  the  software  establishes  a  baseline 
map  of  the  entire  SAN  environment  that  is 
stored  in  a  configuration  data  repository 
The  map  captures  device  data  and  config¬ 


uration  information,  including  all  physical 
devices,  cables,  and  logical  access  paths 
and  dependencies  between  components 
such  as  storage  devices,  servers  and 
switches.  The  server  performs  all  the  map¬ 
ping  and  continuously  communicates  with 
all  SAN  devices.  It  analyzes  any  configura¬ 
tion  change  and  correlates  events  and 
device  data  to  generate  a  uniform,  accu¬ 
rate  picture  of  a  SAN  and  its  access  paths. 

Next,  the  software  automatically  analyzes 
the  environment  with  the  impact  analysis, 


change  notification  and  path  correlation 
engines. The  impact  analysis  engine  offers 
real-time  impact  analysis  of  every  change 
on  SAN  access  paths,  and  application  avail¬ 
ability  performance  and  security  It  also  per¬ 
forms  end-to-end  dependency  testing 
across  the  SAN  and  reports  back  the 
access  path  impact. 

The  change  identification  engine  enables 
real-time  device  and  configuration  change 
notification.  The  path  correlation  engine 
correlates  security  mechanisms  and  topol¬ 
ogy  to  generate  an  access  path  list  that 
depends  on  these  underlying  mechanisms. 

These  engines  provide  a  complete  assess¬ 
ment  of  a  SAN,  highlighting  discrepancies 
with  business  rules,  unauthorized  paths, 
redundancy  and  vulnerabilities  such  as  in 
LUN  sharing,  zoning  and  clustering.  Once 
the  software  is  deployed,  SAN  administra¬ 
tors  gain  visibility  to  underlying  problems 
through  the  SAN  intelligence  base,  root- 
cause  analyzer  and  simulation  engines. 

Change  management  software  monitors 
SANs  throughout  changes,  growth,  migra¬ 
tions  and  consolidations.  When  a  problem 
occurs,  an  administrator  is  notified  via 
e-mail,  SNMP  and  the  GUI,  and  is  sent  an 
explanation  of  the  cause  and  a  solution. 
Alerts  let  administrators  fix  a  problem 
before  it  affects  application  availability 

Once  a  maintenance  or  infrastructure 
change  is  in  process,  the  software  acts  as  a 
checks-and-balances  layer,  letting  adminis¬ 
trators  simulate  changes,  assess  their  effect 
and  track  them.  Checks  and  balances  fol¬ 
low  IT  Infrastructure  Library  and  the  orga¬ 
nizations  best  practices. 

Alon  is  vice  president  of  product  develop¬ 
ment  &  field  operations  at  Onaro.  He  can  be 
reached  at  roy.alon@onam.com. 


Dr.  Internet  By  Steve  Blass 

We  have  high-speed  cable  Internet  service  at 
home  and  just  got  a  laptop  with  wireless.  The 
cable  company  wants  $250  to  set  up  and  $8  per 
month  to  maintain  it.  Can't  we  just  connect  a 
wireless  router  to  the  cable  modem? 

Depending  on  the  details  of  your  service  configu¬ 
ration,  you  should  be  able  to  hook  up  a  wireless 
router  and  make  it  work.  Typically,  the  device 
plugged  into  the  cable  modem  automatically  picks 


up  its  network  address  through  the  modem  at 
start-up.  Many  wireless  routers  also  will  assign  IP 
addresses  to  your  local  PCs. 

Disconnect  the  computer  that  is  plugged  into  the 
cable  modem.  Connect  the  wireless  router  in  its 
place,  and  start  it  up.  That  should  get  the  wireless 
router  on  the  cable  network.  Take  the  PC  that  was 
connected  to  the  modem,  and  plug  it  into  the 
router.  At  this  point,  the  wired  computer  should  be 
connected  to  the  Internet.  Use  the  wired  PC  to 


configure  the  router  with  its  wireless  settings. 
Once  the  wireless  settings  are  configured,  you 
can  disconnect  the  wired  computer  from  the 
router.  Make  sure  that  the  802. 11  (a,  b,  g)  abbrevia¬ 
tion  dialect  your  wireless  laptop  speaks  matches 
what  the  wireless  router  uses. 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr.internet@change 
atwork.com. 
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The  beauty  of  Ruby 


GE&RHEAD 
INSIDE  THE 
NETWORK 

MACHINE 

Mark 

Gibbs 


To  the  tune  of  Jingle  Bells: 

Dashing  through  the  code ,  without  a  spec 
in  sight, 

O’er  the  bugs  we  go,  coding  with  all  our 
might. 

Breakpoints  fill  the  source,  as  we  try  to  get 
it  right 

Oh,  what  fun  to  debug  code  even  on 
Christmas  night. 

Oh,  Jingle  bells,  COBOL's  hell,  C’s  an  awful 
pain 

If  I  didn  I  have  Ruby,  I  think  I’d  go  insane. 

Oh... 

That’s  enough  festive  nonsense  for  one 
season. Last  week  we  promised  a  quick  tour 
of  the  Ruby  language  so  here  goes:  First,  re¬ 
read  last  week’s  Gearhead  for  the  back¬ 
ground  (www.nwfusion.com,  DocFinder: 
5228).  It’s  OK,  we’ll  wait  for  you....  Right,  now 
you’re  back,  here’s  a  Ruby  script: 

def  addjingle(text) 


return  line  = “Jingle”  +  text 

end 

%w [bells, bells, all  the  way]. each  (Inamel 
puts  addjingle(name)} 

We’re  sure  you  can  figure  out  what  the 
output  of  this  program  would  be  but  let 
us  point  out  some  interesting  features: 
First,  we  define  a  method,  add Jingle 
(remember,  Ruby  is  a  completely  object- 
oriented  language). 

Next,  the  %w,  that’s  a  shortcut  for  creating 
arrays  that  lets  you  leave  the  quotes  and 
commas  out.  The  each  method  (called  an 
“iterator”)  applied  to  the  array  extracts 
each  element  from  the  array  and  the  code 
in  braces  is  a  “block”  that  is  associated  with 
the  each  method  and  gets  executed  once 
for  each  element. 

Parameters  are  passed  to  blocks  through 
variables  identified  by  being  bracketed  by 
the  bar  symbol  and  that  follow  immediate¬ 
ly  after  the  braces.  We  could  have  written 
the  program  more  concisely: 

%w  [bells,  bells,  all  the  way]  .each  [Inamel 
puts  return  line  =  “Jingle”  +  name)} 

This  is  more  subtle  than  it  looks,  as  it 
involves  a  sort  of  recursive  call  to  the 
method  using  the  block  as  an  argument. 


If  this  all  sounds  a  little  convoluted  we 
suggest  you  buy  a  copy  of  Programming 
Ruby,  The  Pragmatic  Programmer’s  Guide, 
Second  Edition,  by  Dave  Thomas  (pub¬ 
lished  by  The  Pragmatic  Bookshelf). 

This  is  an  excellent  book.  It  introduces 
all  the  features  of  Ruby  in  an  orderly,  orga¬ 
nized  way  and  provides  an  exhaustive 
reference  to  the  language.  One  of  the 
great  attributes  of  this  text  is  readability 
—  it  really  simplifies  coming  to  grips  with 
this  rich,  complex  language. 

You  want  to  get  an  idea  of  what  Ruby  can 
do  with  TCP  and  threading?  Check  this  out: 

require  ‘net/http’ 

pages  =  %w(  www.rubycentral.com 
www.awl.com 

www.pragmaticprogrammer.com 

) 

threads  =  [] 

for  page  in  pages 

threads  «Thread.new(page)  { ImyPagel 
h  =  Net::HTTPnew(myPage,80) 
puts  “Fetching:  #{myPage}” 
resp,  data  =  h.get(‘/’,  nil  ) 
puts  “Got  #{myPage}:  #{resp.message}” 

} 

end 

threads.each  { laThreadl  aThread.join  } 


www.nwfusion.com 


When  we  ran  this  example,  we  got: 

Fetching:  www.rubycentral.com/no 

space  correct?/Fetching:  www.awl.com 

Fetching:  www.pragmaticprogrammer 
.com 

Got  www.awl.com:  Moved  Temporarily 

Got  www.rubycentral.com:  OK 

Got  www.pragmaticprogrammer.com: 
OK 

As  you  can  see,  we  started  a  new  thread 
for  each  fetch.  And  each  acted,  as  it 
should,  independently  outputting  its  result 
as  each  thread  retrieved  the  targeted  con¬ 
tents.  We  can’t  explain  why  there  was  no 
line  feed  before  the  second  “Fetching”  on 
the  first  output  line  —  let  us  know  if  you 
have  any  ideas.  We  tried  adding  line  feeds 
but  no  joy 

We  still  are  learning  Ruby  and  it  is  amaz¬ 
ing  what  you  can  do  in  this  language  with 
a  little  effort.  If  you  use  or  plan  to  use  Ruby 
let  us  know  your  experiences. 

Happy  holidays!  This  has  been  a  great 
year  for  feedback  and  ideas  from  y’all. 
Thank  you  for  reading  and  responding. 
New  Year’s  resolutions  to  gearhead@ 
gibbs.com. 


Cool 


Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


Cell  phones  target  specific  user  roles 


Looking  at  last  week’s  slew  of  new  cell  phone  and 
other  wireless  device  announcements,  I  realized 
you  now  can  buy  a  cell  phone  targeted  toward 
your  job  duties  or  specific  interests.  No  longer  taking  a 
“one  phone  fits  all”  approach,  vendors  are  adding  fea¬ 
tures  geared  directly  to  a  job  description.  For  example: 

For  public  sector  or  field  service  workers,  Nextel 
and  Motorola  last  week  launched  the  13 1 5  and  1325 
handsets,  which  include  an  offline  walkie-talkie  mode 
(Direct  Talk)  in  addition  to  Nextel’s  Direct  Connect 
nationwide  service.  If  a  colleague  is  only  a  few  blocks 
away,  you  can  use  the  offline  mode  and  the  device 
acts  like  a  walkie-talkie  instead  of  using  the 
Direct  Connect  cellular  network.  The  i315 
($175  with  2-year  contract)  and  i325 
($400  with  a  2-year  contract)  offer  a 
range  of  up  to  6  miles  (depending 
on  terrain,  weather  and  ob¬ 
structions)  for  the  off-network 
mode.  Direct  Talk  offers 
group  and  private  walkie- 
talkie  calls  with  10  chan¬ 
nels  and  15  privacy 
codes.  The  handsets 

„  have  a  rugged 

The  t325  cell  ,  . 

phone  includes  desi§n  to  Perform 

an  aft-network  in  extreme  outdoor 

walkie-talkie.  conditions,  are  rain-resis¬ 


tant  and  include  GPS  functionality  The  i325  includes 
an  emergency  call  button  and  Priority  Connect  fea¬ 
ture,  which  offers  priority  service  to  public  sector 
workers  during  times  of  heavy  network  congestion. 

For  mobile  professionals,  Cingular  has  launched  the 
latest  Microsoft  Windows  Mobile  Smartphone, 
the  Motorola  MPx220.  The  GSM  world  phone 
($300  with  2-year  contract,  $350  with  1-year  con¬ 
tract)  lets  users  access  Microsoft  Outlook 
e-mail  (with  attachments),  contacts  and  calen¬ 
dar  information.  Other  features  include  integrat¬ 
ed  Bluetooth,  a  1.2-megapixel  digital  camera  and 
mini-Secure  Digital  card  slot  that  can  add  up  to  512M 
bytes  of  storage  and  Windows  Media  player.The  e-mail 
software  can  support  nine  e-mail  boxes  for 
POP3  and  Internet  Media  Access  Protocol  4 
mail. 

For  fitness  buffs,  NEC  America  launched  a  cell 
phone  that  includes  personal  training  software. 
The  NEC  232E  High  Definition  Mobile-i- 
phone  ($250)  works  on  the  Cingular  net¬ 
work  and  includes  software  that 
offers  “daily  encouragement,  work¬ 
out  instructions,  meal  plans, and 
health  and  fitness  tips.”  The 
phone  works  on  the  GSM/ 
Enhanced  Data  Rates  for  GSM  Evo¬ 
lution  network  to  also  give  users  fitness- 
related  downloads  and  multimedia  from 
the  Internet.  Other  features  include  an  inte¬ 
grated  VGA  camera,  Java  and  a  65,000-plus  color 

display.  Users  also 

NEC  America’s  High  Definition  can  reSister  their 

Mobile+  cell  phone  offers  daily  tips  phone  on  NEC’s 
on  workouts  and  health  and  fitness.  Web  site  (www. 


n  e  c  h  d  m  . 
com)  to  down¬ 
load  fitness-re¬ 
lated  content, 
including  a 
Fitness  “mobile 
magazine,” 
searchable  re¬ 
cipes,  and  heart 
rate  or  calories 
burned  calculators. 

For  multimedia  en¬ 
thusiasts,  Samsung 
and  T-Mobile  have 
launched  the  p735 
($500),  a  cell  phone  that 
includes  a  1-mega- 
pixel  digital  camera, 
video  recorder,  MP3 
player  and  expand¬ 
able  memory.  The 
phone  has  a  twist- 
and-swivel  design 

that  rotates  the  screen  to  look  more  like  a  camcorder 
for  taking  video  and  camera  shots  easier. 

The  camera  can  shoot  photos  up  to  4  by  6  inches 
in  size,  and  comes  with  digital  zoom,  timer  and 
brightness  adjustments.  The  video  recorder  can 
shoot  up  to  15  seconds  of  video  or  up  to  30  seconds 
of  audio. 

The  phone  comes  with  64M  bytes  of  internal  stor¬ 
age,  but  also  has  a  32M-byte  MultiMedia  Card.  Files 
and  other  applications  can  be  stored  on  the  card. 

Shaw  can  be  reached  at  kshaw@nww.com. 


A  twist-and-swivel  design  rotates 
the  screen  of  Samsung  and  T- 
Mobile’s  p735  cell  phone  so  it 
looks  like  a  camcorder. 


Fastlron  Edge  X424 


Fastlron  Edge  X448 


Integral  Hot- 
Swappable  AC  &  DC 
Power  Supplies  for 
Redundancy  and  High 
Availability 


Extensive  Security  and  DoS 
Protection  Capabilities 
Including  802. 1  x  and  MAC 
Authentication,  Dynamic  VLAN 
and  Security  Policies,  ACLs, 
and  Advanced  Network 
Monitoring 


Advanced  Layer  2  Features, 
Upgradeable  to  Full  Layer  3, 
Including  RIP,  OSPF,  BGP,  PIM 
DM,  PIM-SM,  DVMRP, 

AND  I  G  M  P 


Network  Goes  Faster.  Budget  Goes  Farther 


Fastlron  Edge  X-Series  switches  let  you  do  more  with  less  —  less  size, 
less  money,  yet  more  capability.  Compact  form.  Immense  capabilities.  1 0  Gigabit 
Ethernet  performance  from  edge  to  core  at  a  price  you  can  afford.  They  are 
purpose-built  to  deliver  wire-speed  Gigabit  and  10  Gigabit  Ethernet  performance  to  workgroup, 
server  farm,  edge  aggregation,  small/medium  enterprise  backbone,  and  cluster  computing 
networks  at  prices  that  bring  the  power  and  scalability  of  10  Gigabit  Ethernet  within  reach  for 
enterprises  large  and  small.  Fastlron  Edge  X-Series  switches  deliver  24  or  48  ports  of 
1 0/ 1 00/ 1 000  with  4  combo  SFP  ports,  plus  optional  I  or  2  ports  o!  10GbE.  Fastlron  Edge 
X-Series  switches  give  you  the  lowest  total  cost  ofownership  and  the  best  investment  value  of  any 
comparable  switch  on  the  market.  ( let  a  competitive  edge  —  get  a  Fastlron  Edge  X-Series  switch. 
Gall  1 .888.TUR13C FLAN  (I  )irect  +  I  408.586. 1 700)  or  www.foundrynetworks.com/fex 
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Network  World  staff 

Reviewing  our 
2004  predictions 

We  made  10  predictions  this  time  last  year, so  it’s  time 
to  see  how  we  did.  In  the  Jan.  10  issue,  we’ll  set  our 
sights  on  2005. 

•  We  jumped  the  gun  with  our  prediction  that  the  major 
e-mail  vendors  would  revise  their  interfaces  to  incorporate 
instant  messaging  and  links  to  the  voice  world.  But  the  pres¬ 
ence  push  did  lead  to  some  strategic  alliances,  including 
Microsoft  linking  Live  Communications  Server  with  con¬ 
sumer  services  from  MSN,AOL  and  Yahoo. 

•  As  predicted,  questions  about  wireless  LAN  security  eased 
as  the  802. 1 1  i  security  standard  was  finalized.  But  instead  of 
opening  a  floodgate,  it  has  only  resulted  in  steady  growth. 

•  We  called  for  continued  growth  in  blades  and  more 
noise  about  64-bit  architectures  as  companies  shift  to  scal¬ 
able,  low-cost  systems  built  with  commodity  components. 
Both  spot  on. 

•  Flat  wrong  on  our  prediction  that  IBM  would  knuckle 
under  and  pay  off  SCO.  If  anything,  the  SCO  position  seems 
weaker  than  ever.  But  we  were  right  that  Linux  gains  would 
make  Microsoft  increasingly  nervous. 

•  In  the  land  of  VoIRwe  said  vendors  would  start  to  focus 
on  applications,  and  while  there  has  been  more  talk  about 
that,  the  real  story  was  about  landmark  VoIP  deals.  Ford, 
Boeing,  Bank  of  America  and  Lloyds  of  London  together  will 
install  three  times  the  number  of  IP  phones  than  were 
shipped  worldwide  in  2003,  according  to  IDC. 

•  Despite  our  prediction  that  no  large  telecom  deals  would 
go  down  in  ’04,  AT&T  sold  off  its  wireless  business  to  Cingu- 
lar.and  Sprint  and  Nextel  signed  a  $70  billion  blockbuster 
merger.  Oh  well. 

•  We  had  predicted  Cisco’s  Network  Admission  Control 
(NAC)  program,  which  blocks  network  access  if  desktops 
don’t  have  updated  virus  software,  would  stumble  because  it 
isn’t  based  on  standards.That  proved  an  obstacle  to  adop¬ 
tion,  as  did  the  2004  introduction  of  the  Microsoft  Network 
Access  Protection  (NAP), a  competing  initiative.  But  the  year 
ended  with  Cisco  and  Microsoft  vowing  to  work  together  to 
combine  NAC  and  NAPand  that  could  spur  demand. 

«  Offshoring  would  trip  up,  we  said,  as  the  downsides  were 
exposed  in  ’04. While  there  has  been  more  focus  on  the  neg¬ 
atives,  offshoring  indeed  grew.  But  it  also  became  a  political 
hot  potato,  with  12  states  —  including  Connecticut  and 
Florida  —  moving  to  block  offshoring  of  state  contracts. 

•  We  said  utility  computing  is  years  away,  and  it  still  is.  But 
we  expected  more  concrete  announcements  in  ’04.  If  any¬ 
th  Tig,  this  year  saw  the  big  vendors  concede  that  what  you 
can  buy  today  is  a  far  cry  from  the  vision  they  pitch. 

•  And  finally,  we  predicted  site-to-site  VPNs  would  gain 
acceptance  as  a  frame  alternative.The  real  story  is  customers 
are  replacing  frame  with  Multi-protocol  Label  Switch-based 
services  that  don’t  carry  fees  for  individual  virtual  circuits. 
That’s  the  future. 


Regarding  Mark  Gibbs’  BackSpin  column  “Our  sec¬ 
ond  Thanksgiving  Golden  Turkey  Awards”  (www 
.nwfusion.com,  DocFinder:  5124):  There’s  another 
point  of  view  Gibbs  should  consider  before  making 
e-mail  non-delivery  notifications  a  contender.  On 
several  occasions  I’ve  found  such  notifications  use 
ful  in  identifying  an  incorrect  address  to  which  I  was 
attempting  to  email.  For  example,  as  a  coach  in  a 
youth  basketball  leagued  communicate  with  players 
and  parents  via  email.  Inevitably  at  the  beginning  of 
the  season  I  get  a  few  email  addresses  from  the  play¬ 
ers  that  are  incorrect.  If  an  email  bounces  back 
because  of  a  non-delivery  notification,  I  follow  up 
with  a  phone  call  to  get  the  correct  address. 

Edward  Joyce 
Senior  software  engineer 
Computer  Associates 
Pittsburgh 

Apple  of  his  eye 

I  enjoyed  your  “Cool  Yule  Tools”  feature  (DocFinder: 
5 125);  several  of  the  items  were  almost  good  enough 
to  put  on  my  own  wish  list.  However,  I  was  a  bit  dis¬ 
appointed  with  a  couple  of  the  winners. 

In  the  “Best  space-saver”  category  winner  MPC 
ClientPro  414  All-in-One  is  a  less  attractive  Windows 
version  of  the  new  iMac, right  down  to  the  Bluetooth 
keyboard  and  mouse  (optional  on  the  iMac).  In  ad¬ 
dition,  this  product  costs  about  $2,000,  while  17-inch 
iMacs  start  at  $1,299  and  20-inch  iMacs  at  $1,899. 
With  the  iMac  you  get  a  better  operating  system,  64- 
bit  processor,  bundled  consumer  applications  and 
enough  cost  savings  to  add  those  wireless  toys  and 
a  few  add-ons. 

The  “Best  non-violent  way  to  irk  Microsoft”  cate- 


opinions! 


gory  you  had  a  tie  between  the  Averatec  6200  Note¬ 
book  and  Toshiba’s  Qosmic  notebooks.This  is  a  real 
cheat,  unless  you’re  going  to  buy  it  without  Windows 
and  install  Linux;  Microsoft  already  has  your  license 
fee  otherwise.  Check  out  the  Bowerbook  line.  No  MS 
DRM,  no  Windows,  built-in  Firewire  (IEEE  1394  to 
non-Apple  folks)  and  the  big-screen,  17-inch  model 
has  been  an  option  for  a  couple  of  years. 

OK,  I’ll  admit  it,  I’m  a  big  Apple  fan.The  Unix  under¬ 
pinnings  are  just  the  icing  on  the  cake.  The  real 
advantage  is  that  I  can  go  home  at  night  and  not 
have  to  troubleshoot  Windows  problems. 

Randy  Grein 
Bellevue,  Wash. 

Editor’s  note:  The  “ categories  "were  somewhat  tongue- 
in-cheek  and  not  meant  to  be  serious  “winners” as  in 
a  competitive  test.  Also,  we  would  have  loved  to  try 
out  the  new  Apple  equipment,  but  Apple  never 
responded  to  our  requests. 

Corporate  sell-out 

Regarding  the  story  “Municipal  WLAN  plans  draw 
mixed  reactions”  (DocFinder:  5126):  What  Phila¬ 
delphia  is  doing  is  no  different  than  setting  up  any 
other  utilitysuch  as  water  or  an  electric  co-operative. 
Businesses  like  Verizon  have  long  been  cherry  pick¬ 
ing  customers,  leaving  governments  to  pay  for  those 
they  deem  not  profitable  to  serve,  such  as  rural  cus¬ 
tomers.  How  odd  that  they  now  find  the  shoe  on  the 
other  foot. 

Verizon  just  doesn’t  want  municipalities  to  offer  a 
reasonably  priced  service  that  competes  with  its 
overpriced  offerings.  It’s  a  license  to  price  gouge, 
basically  And  what  the  legislature  did  was  even 
worse  by  selling  out  the  people  of  Pennsylvania  to 
Verizon.  For  once  I’d  like  to  see  our  government  rep¬ 
resent  the  people  instead  of  the  corporations. 

Christopher  Rose 
Liberty  Mo. 


E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  118  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 
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THROUGH  CHANNELS 

Ken  Presti 

This  time  of  year  reminds  us  that  human¬ 
ity  is  divided  into  two  groups:  those 
who  revel  in  making  detailed  prepara¬ 
tions  for  big  events  and  those  who  prefer  the 
adrenaline-induced  heart  palpitations  that 
come  from  waiting  until  the  last  minute.  If 
you’ve  ever  used  the  phrase,  “I  do  my  best 
work  under  pressure!”  guess  which  group  you  belong  to.  In  any  event, 
here’s  a  little  something  to  think  about  during  the  holiday  lull,  or  at 
least  what  passes  for  the  holiday  lull  nowadays. 

Sit  back  and  take  a  big-picture  look  at  your  business  strategy.  Is  it 
still  the  optimal  path,  given  the  changes  to  the  industry  and  to  your 
company?  Strategies  are  all  about  overcoming  challenges  to  meet 
objectives. When  strategies  fail,  they  need  to  be  replaced.  When  they 
work  well  the  challenges  change,  and  new  strategies  are  required. 
Think  of  this  as  the  business  equivalent  of  rebalancing  your  stock 
portfolio. 

Then,  look  at  your  strategy  from  an  ecosystem  level.  Because  all  of 
this  is  ultimately  about  meeting  the  needs  of  end  users,  I’d  start  there 
first.  Is  the  right  technology  mix  in  place?  Where  were  the  rough 
spots  along  the  migrations, and  how  can  they  be  improved?  Was  post¬ 
sales  support  effective?  If  you’re  a  customer, you  mostly  need  to  look 
at  this  from  your  own  perspective.  If  you’re  a  vendor  or  a  channel 
partner,  you’ll  need  to  first  look  at  this  across  the  broad  customer 
base, and  then  break  it  down  into  vertical  markets  or  even  to  the  indi¬ 
vidual  customer  level,  depending  on  the  circumstances. 

At  this  point,  it  should  become  clearer  how  well  your  overall  strat¬ 


Tis  the  season  to  plan  strategy 


egy  is  working.  But  don’t  start  contemplating  changes  yet.  There’s 
more  to  come. 

Next,  look  at  how  the  different  players  interact.  Where  does  com¬ 
munication  need  to  be  improved?  How  can  technology  be  used  to 
augment  that  improvement?  Are  there  adequate  links  between  the 
players  at  the  appropriate  levels  of  the  organizations? 

Then  there’s  business  development.  If  that  thought  only  brings  to 
mind  the  excitement  of  winning  new  customers,  give  yourself  a  fail¬ 
ing  grade.You  also  have  existing  customers,  my  friend  —  and  if  you’re 
so  focused  on  finding  new  customers  that  you’re  not  looking  at  long¬ 
term  approaches  to  meet  the  needs  of  existing  customers,  they 
really  ought  to  become  someone  else’s  customers.  A  good  business 
development  plan  pursues  both. 

Once  you  consider  all  the  issues  that  fall  under  these  basic  cate¬ 
gories, you’re  about  ready  to  look  at  areas  such  as  improved  cost  con¬ 
tainment.  But  you  can’t  really  do  that  effectively  until  you’ve  loaded 
the  more  customer-facing  items  into  your  brain  and  let  them  simmer 
for  a  while. When  you’re  finished  with  this  process,  the  strength  of  your 
strategy  and  the  potential  changes  should  become  much  clearer. 

Now  is  a  great  time  to  perform  this  exercise.  A  little  advance  plan¬ 
ning  can  make  a  world  of  difference,  and  the  start  of  a  new  year  is 
right  around  the  corner.  Never  mind  if  you  operate  on  a  fiscal  year;  a 
fresh  start  is  more  about  psychology  than  about  calendars.  Or  maybe 
it’s  too  early  Some  of  us,  I’m  told,  do  their  best  work  under  pressure. 


Think  of  this  as 
the  business 
equivalent  of 
rebalancing  your 
stock  portfolio. 


Presti  is  research  director  of  IDC’s  Network  Channels  and  Alliances 
service.  He  can  be  reached  at  kpresti@idc.com. 


REALITY  CHECK 

Thomas  Nolle 


ometimes  significant  things  happen 
with  little  fanfare.This  year,  for  the  first 
time  in  history,  the  dollar  value  of  U.S. 
carrier  routers  deployed  in  networks  not 
part  of  the  Internet  exceeded  the  dollar 
value  of  those  installed  as  part  of  the 
Internet.  This  doesn’t  mean  the  Internet  is 
going  away  (far  from  it), but  it  does  mean  that  IP  networking  and  the 
Internet  are  diverging  in  important  ways. 

The  cause  of  the  change  is  the  thing  pundits  have  been  touting  for 
five  years  or  more  —  convergence.  Carriers  are  deploying  IP  infrastruc¬ 
ture  to  carry  voice,  frame  relay  ATM  and  other  services.The  old  public 
switched  telephone  network  (PSTN)  is  being  transformed,  just  like  it 
was  supposed  to  be.  But  it’s  not  being  transformed  into  the  Internet. 

From  the  first,  the  Internet  was  an  application  that  ran  on  the  PSTN, 
using  PSTN  access  resources,  leased  trunks  and  so  on.  If  you  wanted 
Internet  service,  you  had  to  get  access,  and  a  phone  company  person 
showed  up  to  install  your  phone,  or  give  you  DSL,  or  fix  your  lines  after 
a  storm.This  service  was  part  of  what  some  call  the  bloated  PSTN  busi¬ 
ness  model.  All  of  it  costs  money  Now  the  same  big  carriers  that 
brought  us  the  PSTN  are  building  a  new  public  network,  a  network 
based  on  IP  The  Internet  is  an  application  of  that  new  network,  too. 

Every  broadband  consumer  will  have  the  application  we  call  “the 
Internet,"  and  there  will  still  be  those  who  dial  into  it.  Corporations  will 
connect  to  their  customers  through  it,  send  e-mails,  all  the  things  that 
are  done  now.  So  what’s  the  difference? 

Payments  and  profits.The  new  and  critical  content  applications  such 
as  IPTV  will  sort  of  work  on  the  “Internet  application,”  but  they’ll  work 
better  on  specialized,  partitioned,  IP  infrastructure  deployed  by  the 
common  carriers  and  paid  for  incrementally  by  users.VoIP  will  work  on 
the  Internet  if  you  don’t  mind  problems  with  QoS  and  security.  And  the 
same  goes  for  VPNs,  application  networks,  grid  computing,  storage  net¬ 
working,  all  that  nice  futuristic  stuff:  They’ll  work  better  for  users  who 


The  Internet  as  an  application 


pay  for  partitioned  IP  handling.  Is  that  bad?  It  depends  on  whether  you 
think  having  this  new  stuff  is  better  than  not  having  it,  because  without 
a  mechanism  for  generating  profits  from  deploying  these  new  services, 
there  won’t  be  any  new  services  deployed. 

This  shift  in  IP  balance  of  power  has  other  effects,  too. The  common 
carriers  don’t  much  like  the  IETF  and  the  feeling’s  been  pretty  much 
mutual.  The  big  carriers  are  looking  to  the  International  Tele¬ 
communications  Union  (ITU), the  body  the  carriers  have  supported  for 
years.The  ITU  will  deal  with  the  business  issues  of  IP  infrastructure, and 
it  will  do  things  that  close  networks  to  exploitation,  provide  for  security 
and  surveillance  where  legally  mandated,  and  create  formal  intercon¬ 
nection  standards  among  carriers  with  real  settlement.  The  IETF  will 
still  work  on  the  Internet  and  also  on  end-to-end  standards  and  issues, 
but  the  organization  has  lost  the  big  carrier  buyers  . . .  probably  forever. 
IP  vendors  that  tout  the  Internet  model  will  lose  ground  to  those  that 
support  the  carrier  notion  of  infrastructure  IP  Maybe  that’s  why  Cisco 
has  been  losing  ground  to  Juniper. 

There  will  be  people  who  say  this  is  a  bad  thing,  that  the  Internet 
should  be  open  and  free.  But  shouldn’t  it  also  be  secure  and  account¬ 
able?  Watch  over  the  next  couple  of  years,  because  you’ll  see  IP  appli¬ 
cations  that  have  all  of  the  virtues  of  the  Internet  and  few  or  none  of  the 
vices.You’ll  pay  to  get  them,  of  course. 

Yes,  the  Internet  is  changing.  But  it  can  be  changing  for  the  better. 
The  PSTN  was  old,  inefficient,  slow  to  respond  to  change.  But  it 
worked,  in  incredibly  bad  conditions,  through  economic  changes, 
wars  and  disasters.lt  could  have  worked  better, and  it  will  work  better 
—  using  the  same  IP  the  Internet  gave  us.  What  we  need  to  do  is 
ensure  that  the  new  public  network  that  runs  the  Internet  provides  us 
the  business  model  of  the  PSTN,  and  the  flexibility,  innovation  and 
excitement  of  the  Internet. 


IP  vendors  that 
tout  the  Internet 
model  will  lose 
ground  to  those 
that  support  the 
carrier  notion  of 
infrastructure  IP 
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Nolle  is  president  of  CIM1,  a  technology  assessment  firm  in  Voorhees, 
NJ.He  can  be  reached  at  (856)  753-0004  or  tnolle@cimicorp.com. 


spam  fighters 
offer  feature  diversity 


■  BY  JOEL  SNYDER, 

NETWORK  WORLD  LAB  ALLIANCE 


or  the  top  of  the  heap  of  spam 
products,  it’s  not  what  is  good  or 
bad  that  sets  them  apart.  It’s 

ent. 


more  a  matter  of  what’s  differ- 


For  example,  if  an  anti-spam  prod¬ 
uct  doesn’t  allow  for  SNMP-based 
monitoring,  you  will  only  care  if 
you’re  already  using  SNMP 

Our  short  list,  based  on  the  spam 
catch  tests,  included  three  services 
(Postini,  Advascan  and  Mycom),four 
appliances  (BorderWare,  CipherTrust, 
Barracuda  and  Messaging  Architects), 
three  software  packages  tested  on 
Unix  (from  Sophos,  Proof- 
point  and  Cloudmark)  and  CrvI’a 
two  tested  on  Windows  T, 

(Symantec  and  Mail- 
Frontier).  We  let  the  ven¬ 
dors  choose  the  platform  where  more 
than  one  was  supported. 

To  distinguish  between  the  prod¬ 
ucts,  we  looked  at  four  key  areas: 
spam-oriented  features,  per-user  fea¬ 
tures,  anti-virus  and  policy-based  fil¬ 
tering,  and  logging  and  management. 

Let’s  start  with  spam 

The  most  important  feature  in  an 
anti-spam  system  is  how  well  it  catch¬ 
es  spam.  All  of  our  finalists  turned  in 
outstanding  false-positive  and  false¬ 
negative  scores,  but  there  is  consider¬ 
able  variation  in  how  each  product 
lets  IT  control  the  spam  catch 
process.  Most  products  offer  a  cock¬ 
tail  of  techniques  to  catch  spam. 

The  term  “cocktail”  is  used  by  anti¬ 
spam  vendors  to  explain  how  they 
make  the  go/no-go  decision  on  spam. 
Early  spam  products  had  only  one 
technique, such  as  searching  for 
words  in  headers  of  message  bodies, 
or  a  set  of  techniques  that  each  could 
torpedo  a  message  as  spam.  Modern 
products  mix  the  results  from  multi¬ 
ple  tests  and  analyses,  combining  and 
weighting  them  to  come  up  with  a 
final  answer  for  each  message.  As  the 
SpamAssassin  team  puts  it  when 
describing  their  anti-spam  cocktail, 
“While  any  of  these  tests  might  by 
themselves  mis-identify  a  message, 
their  combined  score  is  terribly  diffi¬ 


cult  to  fool.’To  implement  the  cock¬ 
tail,  each  message  runs  through  multi¬ 
ple  filters  or  tests,  and  receives  a  set 
of  scores.  When  enough  tests  agree 
(or  when  a  single  test  gets  a  high 
enough  score),  the  message  gets  its 
verdict:  spam  or  not  spam. 

Many  vendors  sent  elaborate  white 
papers  explaining  how  their  spam 
cocktail  was  mixed  to  be  superior  to 
the  competition.  In  our  evaluation,  we 
decided  to  not  go  down  the  path  of 
evaluating  the  components  of  the 
cocktail. The  proof  of  what  works  well 
(and  what  doesn’t)  comes  out  of  the 
statistics  on  false  positives  and  false 
negatives.  In  this  market,  the  strategies 
each  vendor  uses  to  classify  spam  are 
in  rapid  flux  as  they  search 
for  better  ways  to  outfox 
the  spammers. 

In  our  tests,  products  that 
let  one  test  dominate  the 
score  —  have  only  one  test  —  tend  to 
have  a  high  false-positive  rate.  For 
example,  just  having  the  word  Viagra 
in  the  subject  line  of  a  message  does 
not  make  it  spam.  But  having  Viagra 
in  the  subject,  in  the  body  two  or 
three  times,  a  Web  site  URL  of  an 
online  pharmacy  and  having  the  mes¬ 
sage  come  from  the  IP  address  of  a 
suspected  spammer  all  add  up  to  the 
message  being  spam. 

If  you  want  to  see  the  rules  used  to 
match  spam  and  edit  them,  then 
Sophos’  PureMessage  and  Messaging 
Architects’  GWGuardian  are  your  best 
choices.  Both  let  you  dive  in  and 
touch  every  aspect  of  the  spam 
matching. This  is  a  mixed  blessing. 

Corporate  managers  are  moving 
away  from  tuning  systems  at  this  level 
because  it’s  really  not  important.  If 
the  spam  engine  is  doing  its  job  prop¬ 
erly,  you  don’t  have  to  look  deep  into 
the  innards.  However,  there  will 
always  be  exceptions.  Sometimes  the 
mail  flow  at  a  company  can  con¬ 
found  the  spam  engine,  and  this  level 
of  detail  will  be  required. 

A  more  likely  requirement  will  be 
for  coarse  control  over  the  factors 
that  go  into  the  spam  scoring.  Pro¬ 
ducts  we  looked  at  range  from  virtual¬ 
ly  untouchable  (Advascan  and 
Symantec’s  Brightmail)  to  the  relative 
openness  of  CipherTrust’s  IronMail 


Vendor 

False 

positives 

Vendor 

Spam 

caught 

BorderWare  (MS=S) 

0.04% 

OSpam.Net 

99% 

Sophos 

0.04% 

Netriplex 

99% 

BorderWare 

0.04% 

Vircom 

98% 

Postini 

0.08% 

Process  Software 

98% 

CipherTrust 

0.12% 

Postini 

97% 

Symantec  (MS=S) 

0.16% 

MailFrontier  (MS=S) 

97% 

Symantec 

0.16% 

Messaging  Architects 

97% 

Advascan 

0.19% 

NoSpamToday! 

97% 

Proofpoint 

0.20% 

SpamStopsHere 

97% 

CipherTrust  (MS=S) 

0.23% 

BlueCat 

97% 

MailFrontier 

0.25% 

Intellireach  (MS=S) 

97% 

Proofpoint  (MS=S) 

0.29% 

Advascan 

96% 

Barracuda 

0.30% 

:  Process  Software  (RR) 

96% 

Spamfighter 

0.34% 

Roaring  Penguin 

95% 

Cloudmark 

0.35% 

MailWise 

95% 

NetCleanse 

0.46% 

Solid  Oak 

95% 

NetlQ 

0.55% 

CipherTrust  (MS=S) 

94% 

MailFrontier  (MS=S) 

0.54% 

Proofpoint  (MS=S) 

94% 

Process  Software  (RR) 

0.75% 

Barracuda 

94% 

Mycom 

0.89% 

Clearswift  (MS=S) 

94% 

Aladdin 

0.92% 

Symantec  (MS=S) 

93% 

Messaging  Architects 

0.94% 

Cloudmark 

93% 

Sybari 

1.25% 

Mycom 

93% 

Vircom 

1.63% 

Mail  by  Design 

93% 

NoSpamToday! 

2.00% 

Symantec 

92% 

Mail  by  Design 

2.13% 

Proofpoint 

92% 

Policy  Patrol 

2.16% 

BorderWare  (MS=S) 

90% 

SpamStopsHere 

2.34% 

Sophos 

90% 

Process  Software 

3.15% 

ZixCorp 

89% 

Intellireach 

3.32% 

BorderWare 

88% 

Roaring  Penguin 

3.37% 

CipherTrust 

88% 

Sublimemail 

4.00% 

Aladdin 

87% 

BlueCat 

4.08% 

Policy  Patrol 

87% 

Clearswift 

4.13% 

Tethernet 

85% 

MailWise 

4.32% 

Spamfighter 

83% 

eSoft 

4.91% 

MailFrontier 

81% 

Intellireach  (MS=S) 

5.48% 

NetCleanse 

81% 

OSpam.Net 

5.52% 

NetlQ 

79% 

ZixCorp 

5.90% 

Clearswift 

78% 

Clearswift  (MS=S) 

8.46% 

Intellireach 

62% 

Netriplex 

9.12% 

eSoft 

58% 

Tethernet 

14.34% 

Sybari 

54% 

Solid  Oak 

19.86% 

Sublimemail 

47% 
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Analyzing  the 
spam  test  results 

Digging  deeper  into  the  accuracy  and  performance  data 


Performance 


Vendor 

Aladdin 

Vircom 

Spamfighter 

MailFrontier 

NetlQ 

Clearswift 

CipherTrust 

Cloudmark 

Solid  Oak 

Symantec 

Roaring  Penguin 

Sophos 

Sybari 

Proofpoint 

NoSpamToday! 

Policy  Patrol 


4- 


4 


Messaging  Architects 

BorderWare _ 

ZixCorp 

Barracuda 

Tethernet 

Intellireach 

BlueCat 


Jii. 


Accept  rate 

Delivery  rate 

(msgs/sec) 

(msgs/sec) 

Platform 

21.0 

21.0 

VMware 

25.7 

12.2 

VMware 

11.2 

11.2 

VMware 

15.2 

10.9 

VMware 

10.1 

9.7 

VMware 

17.6 

8.3 

VMware 

50.7 

7.8 

VMware 

7.7 

7.7 

VMware 

50.7 

6.9 

VMware 

15.7 

6.4 

VMware 

6.4 

6.2 

VMware 

22.3 

4.1 

VMware 

26.7 

3.4 

VMware 

2.8 

2.8 

VMware 

0.5 

0.5 

VMware 

7.0 

0.5 

VMware 

39.9 

16.3 

Appliance 

10.7 

10.6 

Appliance 

10.5 

10.5 

Appliance 

90 

6.7 

Appliance 

5.1 

4.5 

Appliance 

4.8 

4.0 

Appliance 

3.8 

1.6 

Appliance 

False  positives:  The  best  scores  in  our  test  ali 
reflect  products  that  have  gotten  the  science 
of  not  tagging  legitimate  mail  as  spam  down 
to  the  noise  level.  Any  false  positive  is  a  prob¬ 
lem,  and  non-delivery  receipts  (NDR)  and 
mailing  lists  caused  the  most  problems  for  the 
anti-spam  products.  Many  mailing  lists  might 
be  unimportant,  but  some  are  critical.  The 
same  is  true  for  NDRs.  If  you  send  a  mail  and 
it  doesn't  go  through,  your  only  clue  is  the 
NDR  coming  back  from  your  own  mail  system 
or,  sometimes,  the  other  end.  Anti-spam  pack¬ 
ages  that  filter  these  out  a  little  too  zealously 
(because  they  assume  that  most  NDR  mes¬ 
sages  are  the  result  of  a  mass-mailing  worm), 
which  we  found  in  many  of  the  products  we 
tested,  break  that  feedback  loop  and  make 
mail  less  reliable. 

In  last  year’s  test,  false-positive  rates  were 
much  higher,  and  we  said  a  quarantine  was  a 
critical  requirement.  This  year,  while  the  false¬ 
positive  rate  has  dropped  overall,  we  still  think 
that  most  businesses  using  e-mail  as  a  critical 
communications  tool  need  some  way  to  deal 
with  false  positives. 

Tuning:  Many  vendors  insisted  they  would  do 
better  on  false  positives  with  better  tuning.  It's 
a  good  argument,  but  the  top  scores  in  our 
test  came  from  products  such  as  Sophos, 
Symantec,  Advascan  and  Proofpoint,  which 
required  no  tuning  whatsoever.  In  the  top  10 
false-positive  scores,  only  CipherTrust  did  any 
tuning  before  going  into  production.  The  idea 
that  an  anti-spam  solution  requires  constant 
maintenance  and  updating  might  have  been 
true  before,  but  our  tests  seem  to  indicate 
that  outstanding  performance  is  possible  with 
products  that  require  no  tuning  at  all.  In  some 
cases,  such  as  Symantec's  engine,  tuning  isn't 
even  allowed, 

False  negatives:  We  asked  vendors  to  provide 
settings  for  the  lowest  false-positive  rate  pos¬ 
sible,  and  that  trade-off  between  catching 
spam  and  making  mistakes  was  very  clear. 
Some  vendors,  especially  service  providers 
Netriplex  and  OSpam.Net,  got  very  high  spam 
catch  rates,  letting  in  only  a  handful  of  mes¬ 
sages.  But  this  came  at  an  unacceptably  high 
cost,  with  hundreds  of  false  positives.  The 
best  balance  came  from  service  provider 
Post  ini,  which  had  a  97%  spam  catch  rate  and 
only  six  false  positives. 

Some  products  with  high  catch  rates  and 
high  false-positive  rates  could  be  tuned.  While 
99%  spam-catcher  OSpam.Net  has  no  knobs 
and  can't  improve  a  dismal  5%  false-positive 
rate,  service  provider  Netriplex,  along  with 
software  vendors  Process  Software  and 


Vircom,  offer  dozens  of  adjustments  that  can 
be  used  to  drop  the  false-positive  rate  while 
keeping  the  spam  catch  rate  at  the  98%  to 
99%  level  we  saw. 

(MS=S):  A  few  products  include  the  “maybe 
spam"  concept.  We  computed  two  scores  for 
these  products,  one  counting  “maybe  spam" 
as  spam,  and  the  other  score  considered  the 
“maybe  spam”  designation  as  not  spam.  If 
you  don’t  consider  tagged  "maybe  spam"  as  a 
false  negative,  CipherTrust  and  MailFrontier's 
rankings  improve  considerably.  Two  vendors 
with  a  “maybe  spam"  ranking,  BorderWare 
and  Symantec,  don’t  do  any  better  —  they 
catch  more  spam,  but  don't  change  their 
false-positive  rate.  Because  BorderWare 
came  in  with  the  Brightmail  anti-spam  engine 
for  this  test,  the  similar  performance  is  not 
surprising. 

MailFrontier:  An  error  on  our  part  during  instal¬ 
lation  prevented  MailFrontier  from  properly 
completing  the  test.  We  could  re-queue  the 
mail  using  a  spam  signature  set  that  was 
accurate  as  of  the  end  of  the  test.  Thus,  it  is 
likely  that  MailFrontier  had  a  higher  spam 
catch  rate  than  it  would  have  if  the  mail  had 
run  through  contemporaneously. 

RR:  An  improperly  selected  configuration 
option  on  our  part  caused  us  to  have  to  re-run 
mail  through  Process  Software's  PreciseMail. 
The  correct  and  incorrect  numbers  are  re¬ 
ported,  with  (RR)  marking  the  re-run. 

CipherTrust:  Ciphertrust's  IronMail  was  shut 
down  by  th  company’s  technical  support  team 
during  the  test,  so  it  saw  only  approximately 
one-third  of  the  mail  flow.  Its  performance  is 
likely  representative,  but  has  a  higher  margin 
of  error  than  the  other  vendors  presented. 

Performance  notes 

Appliances:  For  the  appliance  vendors,  the 
throughput  we  report  should  be  considered  as 
a  worst  case  scenario  because  more  than  half 
of  mail  is  spam  and  will  not  have  to  flow 
through  the  entire  system.  However,  we  did  not 
test  with  quarantine  or  virus  scanning,  and 
both  of  those  features,  if  used,  would  further 
reduce  system  performance. 

Software  caveats:  For  vendors  that  sent  soft¬ 
ware,  we  used  a  VMware  ESX  server  virtual 
system  with  a  fairly  limited  disk  subsystem  to 
accommodate  the  huge  number  of  vendors  that 
wanted  to  participate  in  this  test.  Performance 
on  these  products  would  likely  be  higher  (see 
"Adventures  in  spam  testing,"  page  36). 

The  Unix  factor:  We  spent  more  time  tuning 
Unix,  Sendmail  and  various  Unix  system  utili¬ 
ties  than  we  did  tuning  products  from  vendors 


that  ran  on  Sendmail,  including  Roaring 
Penguin,  Privacy  Networks,  Proofpoint  and 
Cloudmark.  In  some  cases,  the  differences 
were  dramatic.  A  single-line  change  in 
Sendmail  configuration,  for  example,  tripled 
the  throughput  of  Roaring  Penguin's  Canlt 
Software.  This  means  companies  that  install 
their  own  software,  rather  than  going  with  an 
appliance,  need  to  be  prepared  for  significant 
performance  tuning. 

VMware  variation:  To  measure  how  much 
slower  our  VMware  system  would  be  than 
bare  hardware,  we  ran  Cloudmark  through 
the  paces  three  different  ways:  once  on 
VMware,  a  second  time  with  the  exact  same 
configuration  on  the  same  hardware  but  with¬ 
out  VMware,  and  a  third  time  with  a  similar 
server  tuned  by  Cloudmark  for  our  testing.  We 
found  that  message  throughput  forVMware  is 
between  20%  and  30%  as  fast  as  it  would  be  in 
bare  hardware.  For  example,  Cloudmark’s  own 
server  ran  a  very  peppy  5.3  times  faster  than 
our  VMware  system.  When  interpreting  the 
performance  numbers,  it's  best  to  compare 
appliances  to  appliances  and  VMware  to 
VMware  for  relative  speeds. 

Accept  rate  vs.  deliver  rate:  We  measured  the 
rate  at  which  products  accepted  mail,  and  how 
long  it  took  them  to  deliver  it  after  scanning.  In 
some  cases,  products  accept  mail  more  quick¬ 
ly  than  they  can  deliver  it.  Whether  this  is  good 
depends  on  the  details.  If  a  product  accepts 


mail  faster  than  it  can  deliver  it,  it  has  to  flow- 
control  the  incoming  mail  —  slow  down  how 
fast  you  will  accept  it  —  at  some  point. 
Products  that  don't  flow-control  are  suscepti¬ 
ble  to  a  denial-of-service  attack  because 
someone  can  fill  up  your  disks  and  lock  up  your 
server.  Our  test  wasn't  long  enough  to  show 
which  products  flow-control  under  load.  For 
example,  consider  a  product  with  140G  bytes  of 
queue  space  that  accepts  messages  at  a  rate 
of  10  messages  per  second,  but  only  delivers  at 
half  that  speed.  It  would  take  three  hours  at  full 
throttle  before  you  ran  out  of  disk  space 

Products  that  only  accept  mail  as  fast  as 
they  can  scan  or  deliver  don't  deal  with  mail 
volume  peaks  very  well. The  best  strategy  Is  to 
accept  mail  at  a  faster  rate  than  you  ca; :  scan 
it  up  to  some  point,  then  start  slowing  down 
senders  as  resources  are  consumed.  Of 
course,  some  products  architecturally  don't 
work  that  way  —  they  either  scan  as  the  mail 
flows  in  or  they  are  SMTP  proxies,  and  the 
flow  control  has  to  come  from  the  destination 
mail  server.  Most  products  we  tested  accept 
the  mail  with  an  SMTP  server  such  as 
Sendmail  or  qmail,  then  scan  trie  message, 
and  then  place  it  into  a  queue  fo>_  delivery. 

Final  note:  We  believe  that  actual  spam  ca  . 
rates  would  be  higher  for  a  test  in  which  the 
anti-spam  products  directly  faced  the  Inter¬ 
net.  False-positive  rates  would  generally  not 
be  affected. 
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and  Proofpoint’s  Protection  Server. 

One  critical  factor  is  the  ability  to  balance  how  well 
DNS  features  are  incorporated  into  the  spam  score. 
With  a  notoriously  high  rate  of  false  positives,  DNS 
blacklists  and  DNS  reverse  lookups  are  dangerous  to 
use  in  a  go/no-go  system.  However,  using  DNS  features 
as  a  component  of  the  larger  picture  is  a  great  way  to 
filter  out  spam  before  it  hits  the  device.  BorderWare, 
Sophos,  Proofpoint,  CipherTrust,  and  even  service 
Mycorn  let  you  pick  which  lists  to  look  at,  and  what 
weight  to  give  them.  Other  vendors,  such  as  Postini 
and  Symantec,  maintain  their  own  weighted  DNS 
blacklists  and  whitelists  to  eliminate  false  positives 
that  looking  at  any  one  list  will  cause. The  ability  to 
adjust  these  features  is  critical.  For  example, service 
vendor  Sublimemail  could  not  turn  off  DNS  features 
built  into  its  service,  which  increased  its  false-positive 
rate  by  a  factor  of  20. 

Power  to  the  users 

No  anti-spam  product  will  have  zero  false  positives. 
As  we  discovered  in  our  tests,  the  better  you  are  at 
catching  spam,  the  worse  your  false-positive  rate  (and 
vice  versa). The  problem  becomes  how  to  deal  with 
false  positives  that  inevitably  happen. 

Vendors  have  taken  three  approaches.  A  popular 
one  is  to  assume  that  false  positives  don’t  exist  and  to 
make  a  few  pieces  of  mail  vanish  every  now  and 


Testing  routers  and  switches  is  easy.  Frames 
go  in,  frames  come  out.  With  anti-spam  prod¬ 
ucts,  nothing  is  ever  easy. 

We  got  into  more  shouting  matches  over  this  test 
than  any  other  —  and  that  was  even  before  we 
published  the  results.  Vendors  are  intensely  com¬ 
petitive,  and  the  numbers  are  hard  to  come  by.  We 
worked  hard  to  create  a  fair  test,  but  that  doesn't 
mean  every  product  will  show  its  best  side.  For  our 
complete  methodology,  head  online  (DocFinder: 
5128). 

The  biggest  sticking  point  was  being  the  first  hop. 
Anti-spam  vendors  have  learned  they  can  eliminate 
a  huge  pile  of  junk  right  off  the  top  by  using  a  variety 
of  blacklist  techniques.  The  best  products  can  do 
that  wherever  they  are  in  the  chain  by  looking  at 
headers  in  the  message.  But  a  surprisingly  large  per¬ 
centage  haven't  figured  out  how  to  cope  with  not 
being  the  top  dog  in  the  e-mail  chain.  Some  also 
detect  irregularities  in  the  SMTP  conversation,  signs 
of  some  spam-generator  tools.  Our  test  bed  proba¬ 
bly  shaved  a  few  percentage  points  off  the  best  pos¬ 
sible  spam  catch  scores. 

We  also  had  to  deal  with  flaky  anti-spam  prod¬ 
ucts.  For  several  reasons,  not  every  product  was 
ready  to  immediately  accept  every  message  the 
moment  we  received  it.  To  deal  with  this,  we  had  to 
have  a  real  SMTP  Message  Transfer  Agent  (MTA) 
receive  end  retransmit  the  products.  That  meant 
some  of  the  tracks  and  traces  of  spammers  that 
might  be  in  irregular  or  improperly  created  mes- 


then. These  vendors  didn’t  make  our  final  cut. 

Another  strategy  is  to  tag-and-deliver  mail  rather 
than  delete  it.  With  tag-and-deliver,  some  or  all  of  the 
spam  is  actually  passed  onto  the  corporate  mail  serv¬ 
er,  but  tagged  in  such  a  way  that  users  don’t  see  it 
unless  they  specifically  look  for  it. 

Tag-and-deliver  has  a  huge  problem,  though:  the  vol¬ 
ume  of  spam  is  so  high  it  dominates  Internet  message 
flow.  In  our  test,  about  75%  of  the  mail  we  received 
was  spam.  With  tag-and-deliver, you  would  be  storing, 
backing  up,  indexing  and  archiving  four  times  the 
number  of  messages  you  really  want. 

Most  products  can  distinguish  between  certain 
spam  and  mail  they  think  is  probably  spam.  Certain 
spam  can  be  discarded,  or  even  rejected  before  it  is 
accepted,  while  mail  with  a  more  uncertain  score  can 
be  sent  to  the  quarantined,  or  tagged  and  sent  for  a 
“just  in  case”  review  by  the  user. The  only  product  that 
doesn’t  separate  spam  and  maybe-spam  is 
GWGuardian.  All  other  vendors  offer  the  opportunity 
to  separate  at  least  two  levels  of  spam  with  different 
actions  (Postini  doesn’t  let  you  tune  the  thresholds, 
but  every  other  company  does). 

The  third  alternative  is  per-user  quarantines.  When  a 
message  is  identified  as  spam,  it  is  quarantined 
instead  of  delivered.  Unlike  a  normal  mailbox,  quar¬ 
antines  clean  themselves  out  regularly  and  usually 
don’t  have  to  be  built  on  the  same  kind  of  highly  reli- 


sages  were  obstructed  by  our  MTA. 

A  bigger  issue  in  testing  many  products  involved 
training.  While  some  products  —  including  several 
of  our  top  finishers  —  require  no  training,  others 
asked  for  various  degrees  of  pre-test  preparation. 
In  the  worst  case,  several  vendors  asked  us  to 
identify  false  positives  and  false  negatives  during 
a  training  period  before  testing.  While  we  followed 
all  the  instructions  on  tuning,  the  sheer  number  of 
products  limited  the  amount  of  time  we  could 
spend  on  this  task  for  each  product.  Vendors 
whose  products  require  significant  tuning  will 
argue  they  would  leapfrog  to  the  top  of  the  list 
with  more  tuning  time.  But  maybe  they  wouldn't. 

Several  products  also  depend  on  environmental 
information  to  help  them  make  better  decisions.  For 
example,  if  you  send  your  outbound  mail  stream 
through  the  anti-spam  gateway,  it  knows  who  to 
expect  responses  from,  and  can  reduce  the  false¬ 
positive  rate  while  increasing  spam-catch  rate.  Our 
test  bed  didn’t  permit  this  type  of  configuration. 

The  false-positive  and  false-negative  rates  we 
found  are  useful  for  comparing  products  but  a  real 
installation  will  likely  have  a  lower  false-positive 
rate  and  higher  spam-catch  rate.  Because  every 
product  was  handicapped  in  the  same  way,  the 
results  reported  give  an  excellent  way  to  compare 
the  performance  of  products.  Comparing  these 
statistics  across  tests,  though,  would  not  give  valid 
results. 

—  Joel  Snyder 


able  infrastructure  and  high-performance  servers  that 
corporate  mail  servers  require. 

All  the  products  in  the  top  12  have  a  quarantine, 
although  it’s  less  common  when  you  consider  the 
entire  anti-spam  market.  By  giving  each  user  power 
over  his  own  questionable  spam,  and  by  giving  net¬ 
work  managers  the  option  to  delete  the  most  egre¬ 
gious  and  obvious  unwanted  mail,  anti-spam  products 
strike  a  balance  between  performance,  user  frustration 
and  wasted  effort,  and  the  inevitable  false  positives. 

Not  all  quarantines  are  created  equal. There  are 
some  dark  comers,  especially  with  authentication.  For 
example,  the  Advascan  and  Mycom  services  can’t  use 
your  corporate  Lightweight  Directory  Access  Protocol 
(LDAP)  or  RADIUS  authentication  database,  which 
means  every  user  will  have  to  maintain  a  separate 
password  for  his  spam  quarantine.  CipherTrust’s  quar¬ 
antine  doesn’t  have  any  authentication  at  all  —  a 
user  clicks  on  a  URL  via  e-mail,  and  this  acts  as  his 
authentication.  We  also  ran  into  severe  design  limita¬ 
tions  with  Barracuda’s  LDAP  authentication  and 
Messaging  Architect’s  SMTP-based  authentication. The 
lesson  learned  was  to  dive  into  the  details  if  you  want 
to  use  a  quarantine,  because  there  are  many  deal- 
breakers  out  there. 

We  also  considered  per-user  and  per-group  settings 
and  user  control  over  these  settings.  While  many  net¬ 
work  managers  might  not  want  to  let  end  users  play 
with  their  spam  settings,  the  argument  in  favor  of 
empowering  them  is  strong.  When  users  are  in  con¬ 
trol,  they  are  happier,  and  having  some  black  box  fil¬ 
ter  their  email  without  a  way  for  them  to  control  it 
doesn’t  go  over  well.  Several  products  put  an  enor¬ 
mous  amount  of  control  (perhaps  too  much)  in  the 
hands  of  the  users. 

In  the  top  12  products,  we  found  12  different  group, 
user  and  customization  strategies.The  most  flexible 
were  from  MailFrontier,  Messaging  Architects,  Mycom 
and  Postini.  Each  of  these  has  group-level  and  user- 
level  settings,  and  gives  the  network  manager  the 
opportunity  to  expose  those  settings  to  users  (if 
desired).  If  you  want  to  give  users  control  over  their 
own  settings,  BorderWare,  Sophos  and  Barracuda  offer 
partial  or  full  control.  Symantec,  CipherTrust  and 
Cloudmark  don’t  really  believe  in  defining  per-user  set¬ 
tings,  while  Sophos,  Proofpoint  and  Cloudmark  don’t 
believe  in  per-group  or  per-domain  settings.  Cloudmark 
doesn’t  believe  in  any  distinction  between  users  —  the 
Zen-like  simplicity  of  its  interface  allows  for  only  one 
set  of  spam  settings  for  the  entire  server. 

What's  your  policy? 

Combining  anti-spam  tools  with  anti-virus  and 
policy-based  mail  controls  is  a  logical  evolution  and 
one  that  1 1  out  of  our  top  12  embrace  with  vigor. 
Cloudmark  alone  has  turned  away  from  the  all-in-one 
system  and  focuses  entirely  on  spam  filtering.This 
makes  Cloudmark  Authority  an  ideal  component  for 
network  managers  who  want  to  build  and  control 
their  own  mail  infrastructure,  but  it  is  less  useful  for 
someone  who  wants  a  fully  integrated  system. 

Looking  closely  at  policy-based  controls  in  each 
product  separates  those  vendors  that  have  thought 
about  the  problem  from  the  “me  too’’ crowd.  For  most 
vendors,  anti-spam,  anti-virus  and  policy-based  con¬ 
trols  are  silos  of  completely  disparate  tools  that  don’t 
talk  to  each  other  and  can’t  affect  each  other.  When 


Adventures  in  spam  testing 


'WILD 


Anti-spam 


the  choice  was  “spam  or  not”  and  “virus  or  not,”  this 
approach  might  have  been  good  enough.  But  the 
majority  of  the  products  we  tested  haven’t  revisited 
their  architecture  and  tried  to  create  an  integrated 
and  simplified  approach.  For  example,  we  saw  prod¬ 
ucts  that  had  separate  configuration  tools  for  anti¬ 
virus,  anti-spam  and  policy  filtering,  each  with  slightly 
different  possible  actions.  No  tool  was  able  to  include 
the  results  of  any  other  tool,  such  as  “delete  this  mes¬ 
sage  if  it’s  both  spam  and  virus-infected,  but  quaran¬ 
tine  it  otherwise.”This  is  especially  true  for  situations 
in  which  a  vendor  has  chosen  to  act  as  a  value-added 
reseller  and  integrate  products  from  other  anti-spam 
and  anti-virus  vendors. 

The  clear  king  of  e-mail  policy  is  Sophos’  Pure- 
Message.  Beautifully  integrated  with  Sophos’  virus¬ 
scanning  tools,  PureMessage  lets  you  construct  any 
policy  you  want.  For  example,  if  you  want  to  com¬ 
pletely  drop  some  of  your  incoming  virus-infected  e- 
mail  but  try  to  clean  or  quarantine  others, you  can  do 
it.  No  other  product  comes  close  to  this  functionality 

The  other  two  very  powerful  policy  products 
(Messaging  Architects  GWGuardian  and  Symantec)  are 
built  on  similar  technology:  the  Sieve  e-mail  scripting 
language.  However,  while  PureMessage  is  Sieve-driven 
all  the  time,  Messaging  Architects  and  Symantec  use 
Sieve  only  at  particular  points  in  the  product  rather 
than  as  the  general-purpose  base  for  all  message  filter¬ 
ing.  Although  writing  message  filters  using  Sieve  isn’t  as 
easy  as  pointing  and  clicking  in  some  GUI,  the  power 
that  Sieve  brings  to  the  network  manager  who  might 
have  to  implement  a  complex  policy  is  tremendous. 


Our  Favorites 

Appliance:  BorderWare,  Messaging  Architects,  GipherTrust 
Software:  Sophos,  MailFrontier,  Cloudmark 
Service:  Postini,  Advascan,  Mycom 


While  we  focused  on  tools  for  fighting  spam  in  this 
test,  if  you  have  a  potentially  complex  policy  you  want 
to  stick  on  the  same  server,  these  two  systems  give  you 
a  great  deal  of  power.  GWGuardian  uses  Vircom’s 
Modus  technology,  one  of  the  first  commercial  Sieve 
language  implementations,  while  Symantec’s  Sieve  can 
be  nicely  hidden  under  an  easy-to-use  GUI  for  the  sim¬ 
plest  types  of  policy  filters. 

If  your  policy  is  simpler,  such  as  looking  for  words  in 
the  body  of  messages,  or  trying  to  drop  all  .EXE 
attachments  or  virus-infected  messages,  you’ll  be 
happy  with  the  tools  in  most  of  the  other  products, 
with  two  exceptions:  Cloudmark  and  Advascan,  which 
don’t  have  policy-based  filtering  under  the  control  of 
a  system  administrator. 

When  approaching  the  policy  side  of  your  messag¬ 
ing  system,  consider  whether  policies  will  be  uniform 
across  all  users,  or  tied  to  domains,  user  groups  or 
even  individual  users. There  was  variation  on  where 
policies  can  be  applied.  For  example,  Postini  gives  the 
option  of  building  deep  and  complex  hierarchies  of 
groups  within  an  organization  (or  even  across  organi¬ 
zations),  and  policies  can  be  applied  at  any  level  of 
the  hierarchy.  Sophos,  Symantec,  CipherTrust,  MyCom 
and  Messaging  Architects  also  provide  some  way  of 


Why  our  numbers  work 

You  may  notice  our  numbers  are  not  as  optimistic  as  the  marketing  literature  from  vendors'  products. 
There  are  four  reasons  for  this: 

1.  Side  effects  from  our  test  bed  probably  shaved  a  few  points  off  of  each  product's  ability  to  iden¬ 
tify  spam. 

2.  We  were  very  strict  in  our  definition  of  false  positives.  Because  many  of  the  false  positives  are  mail¬ 
ing-list  traffic  of  marginal  use,  end  users  often  don’t  count  them  when  reporting  errors.  Missing  a  few 
messages  a  month  from  a  list  that  generates  10  a  day  doesn't  bother  them.  This  contributes  to  optimistic 
numbers  that  vendors  report  based  on  user  experiences. 

3.  Because  we  ran  our  tests  on  more  than  10,000  messages  from  a  real-time  mail  stream,  our  results 
are  more  representative  of  real  product  response  than  canned  or  contrived  tests  from  vendors.  Even  a 
few  hours’  delay  in  processing  mail  causes  significant  deviations  in  performance  of  some  products. 

4.  Most  vendors  choose  to  report  false-positive  rates  by  dividing  false  positives  by  the  total  messages 
processed.  No  statistician  would  do  that.  Some  vendors  don't  explain  what  they  mean  by  “false-positive 
rate."  We  used  statistics  rigorously  defined  and  agreed  on  by  researchers,  and  it  makes  a  dramatic  differ¬ 
ence.  In  our  tests,  computing  false-positive  rates  the  vendor  way  would  cut  the  numbers  in  half.  For  a 
detailed  look  at  the  statistics  involved,  head  online  (DocFinder:  5129). 

—  Joel  Snyder 


applying  policies  to  groups. 

It’s  worth  pointing  out  CipherTrust’s  Secure  Delivery 
technology.  While  enforcing  e-mail  encryption  at  the 
gateway  is  clearly  half-baked  because  it  doesn’t  give 
true  end-to-end  encryption  or  a  strong  and  legally 
defensible  digital  signature,  the  new  wave  of  severe 
information  disclosure  and  control  regulations  that 
have  set  like  concrete  around  most  businesses  is  mak¬ 
ing  this  technology  more  attractive.  In  a  nutshell, you 
can  have  as  an  action  in  almost  any  e-mail  policy  that 
the  message  be  “securely  delivered.”  What  this  means 
is  that  CipherTrust  will  try  to  encrypt  it  using  stan- 
dards-based  S/MIME,  Pretty  Good  Privacy  or  Transport 
Layer  Security  (TLS)  paths.  If  none  of  those  is  avail¬ 
able,  the  message  will  be  stashed  on  a  Web  page 
somewhere,  and  the  recipient  will  receive  an  e-mail 
redirecting  him  to  an  encrypted  Web  page  so  he  can 
read  the  message.  Look  for  this  kind  of  security 
enforcement  to  appear  in  future  versions  of  other 
products. 

Security  disappoints 

In  terms  of  security  policy,  products  ranged  from 
weak  to  disappointing.  Even  CipherTrust,  with  its 
emphasis  on  security,  had  a  defective  certificate  man¬ 
agement  implementation  that  kept  us  from  fully  test¬ 
ing  its  code. 

Poor  security  started  with  management  over  unen¬ 
crypted  Web  sessions.  It’s  unclear  why  any  product 
designed  for  more  than  home  use  has  an  unencrypt¬ 
ed  Web  server  on  it,  but  BorderWare,  Symantec, 
Barracuda,  Cloudmark,  MailFrontier,  Mycom  and 
Postini  all  offer  full  system  management  capabilities 
without  any  encryption  requirement.  BorderWare  and 
MailFrontier  at  least  give  the  option  of  turning  off 
unencrypted  management,  but  it’s  unclear  why  they 
have  open  Web  ports  in  the  first  place. 

The  same  security  problems  extended  to  features 
such  as  encrypted  SMTP  BorderWare  gets  kudos  for 
not  only  having  a  clear  encrypted  SMTP  capability, 
but  also  the  ability  to  detect  man-in-the-middle 
attacks  —  alone  among  our  top  finishers.  Of  course, 
some  products  get  to  deflect  this  criticism  by  blaming 


it  on  the  underlying  message  transfer  agent  (MTA). 

For  example,  Symantec’s  Windows  implementation 
sits  on  the  Microsoft  SMTP  MTA,  which  has  no  ability 
to  control  SMTP  encryption. The  same  is  true  for 
Sophos,  Proofpoint  and  Cloudmark,  all  of  which  take 
whatever  encryption  and  control  capabilities  are  built 
into  the  MTAs  with  which  they  integrate.  While  you 
might  get  Sendmail  to  do  encryption,  there  is  still  a 
policy  disconnect  because  the  packages  are  loosely 
coupled  to  both  incoming  and  outgoing  mail, simple 
policy  decisions  such  as  “Was  this  message  encrypted 
incoming?”  or  “Force  this  message  encrypted  outgo¬ 
ing”  are  not  part  of  these  tools. 

The  strongest  security  criticism  we  have  for  the  ser¬ 
vices  from  Advascan,  Mycom  and  Postini  is  that  none 
support  encrypted  TLS.  Postini  announced  it  would 
be  including  TLS  security  features  in  its  products. 
Postini  also  gets  a  slap  on  the  wrist  for  its  user  authen¬ 
tication  system,  based  on  POP3,  which  requires  every 
Postini  user  to  constantly  send  his  password  in  the 
clear  over  the  Internet  to  check  his  quarantine. The 
alternative  is  to  sacrifice  authentication  integration 
with  the  enterprise,  an  equally  unsavory  approach. 

While  the  services  should  know  better,  appliance 
vendors  also  could  do  better.  Messaging  Architects 
can  encrypt  management  and  quarantine  traffic,  but 
it  doesn’t  allow  for  encrypted  SMTP  Barracuda  aston¬ 
ished  us  most  of  all,  by  not  supporting  SSL  encryption 
of  any  kind  —  for  management,  mail  encryption  or 
authentication. 

What’s  going  on? 

Most  of  the  top  products  come  with  good  manage¬ 
ment  interfaces.There  are  a  few  blemishes, such  as 
Mycom  s  Web  interface,  which  obfuscates  navigation 
and  context  information  by  hiding  options  in  invisi¬ 
ble  menus  that  pop  up  when  you  mouse  over  parts  of 
the  screen.  Also, Sophos’  rule  management  fills  up  the 
screen  but  never  tells  you  what  you  want  to  know.  But 
generally,  getting  these  systems  configured  once  you 
have  them  installed  will  be  easy,  even  for  the  most 
harried  e-mail  administrator. 

However,  finding  out  exactly  what  these  boxes  are 
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doing  is  an  exercise  in  confusion.  We  looked  for 
four  features  to  prove  these  products  were  ready  to 
go  in  a  corporate  setting:  visibility  into  the  message 
queues,  ability  to  search  the  logs,  basic  reports  and 
scheduled  reports.  Of  those  four,  only  the  first  two 
are  critical  —  the  reports  are  there  to  keep  the 
executives  well  fed,  and  help  in  capacity  planning. 
Only  two,  BorderWare  and  CipherTrust,  gave  us  an 
integrated  look  into  our  messaging  system. 

As  with  security  Sophos,  Symantec,  Proofpoint, 
Cloudmark  and  MailFrontier  can  blame  some  of 
these  deficiencies  on  the  underlying  platform. With 
Sendmail  as  the  message  delivery  system,  finding  a 
message  in  your  queue  is  just  a  matter  of  one  com¬ 
mand-line  search  command.  But  that  seems  like 
such  a  1985  way  to  do  things.  Even  though  these 
products  sit  on  top  of  other  MTAs,  we  wanted  better 
integration.  Proofpoint  tried  —  you  can  see  the 
Sendmail  logs  in  the  Proofpoint  Web  GUI. 

The  other  appliance  vendors  (Barracuda  and 
Messaging  Architects)  have  no  excuse  for  their  black- 

Complete  coverage  online! 

Our  ground-breaking  test  of  anti-spam  products  and  issues  continues 
online  at  Network  World  Fusion,  including: 

•  Our  complete  test  methodology  (how  we  tested  and  why). 

•  Pricing  and  feature  data  on  the  products  we  tested. 

•  Who  got  left  out,  and  who  opted  out  of  the  tests. 

•  An  examination  of  what  makes  a  real  false  positive. 

•  Anti-virus:  Scan  before  or  after  anti-spam? 

•  Complete  Buyer's  Guide  of  more  than  130  anti-spam  appliances,  software 
and  services. 
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box  approach  to  message  management.  With  no  visi¬ 
bility  into  the  messaging  queues  and  no  real  reporting 
system,  neither  administrators  nor  managers  will  be 
happy  with  the  capabilities  along  these  lines. 

From  the  services,  we  didn’t  expect  much  in  the 
way  of  logs  and  queue  visibility,  but  we  were  hop¬ 
ing  for  some  nice  reports.  Advascan  let  us  schedule 
reports  (a  nice  plus),  while  Postini  gave  us  reports 
on  demand. 

Picking  our  favorites 

These  products  have  proven  themselves  capable 
of  doing  a  great  job  of  filtering  spam.  It’s  not  a  ques¬ 
tion  of  better  or  worse  —  it’s  more  a  question  of 
“What  solves  your  problem  best?” 

When  it  comes  to  roll-your-own  software,  Sophos’ 
and  MailFrontier’s  offerings  impressed  us  in  many 
ways.  But  in  the  world  of  software-based  systems, 
there  are  lots  of  different  ways  to  solve  the  same 
problem.  For  example,  if  all  you  want  is  outstanding 
spam  control,  the  uncluttered  approach  of  Cloud- 
mark  might  be  your  best  bet. 

On  the  appliance  side,  BorderWare  was  a  pretty 
dear  favorite.  Although  it  didn’t  top  other  appli¬ 
ance-based  anti-spam  solutions  in  every  category,  it 
showed  excellent  design  and  implementation 
throughout  our  testing. 

That  said,  we  think  Messaging  Architects  and 
CipherTrust  should  also  be  on  your  short  list. 
Barracuda’s  appliance  has  a  fantastic  start  so  early 
in  its  life  cycle,  but  issues  in  management  and 
security  kept  us  from  seeing  it  as  an  enterprise- 
class  solution  today. 

If  you  are  looking  for  a  service,  Postini  gets  top 
billing  for  the  second  year  in  a  row.  Although 


Advascan  did  a  great  job  in  filtering  mail,  our  inabil¬ 
ity  to  customize  it  pushed  it  down  on  our  prefer¬ 
ence  list.  With  Mycom,  the  feature  set  was  tremen¬ 
dous  for  a  service,  but  some  consistent  delays  in 
performance  of  the  Web  GUI  and  in  mail  delivery 
were  a  concern. 
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Where’s  SpamAssassin? 


The  short  answer  is  that  no  one  submitted  it,  but  of  course  there’s  more 
to  it  than  that.  This  year  we  reached  out  to  the  SpamAssassin  commu¬ 
nity  and  asked  them  to  participate.  Although  a  few  well-meaning  souls 
volunteered  to  be  the  contacts  for  SpamAssassin,  when  it  came  time  to  test 
no  one  would  step  up  to  the  plate  and  represent  the  product  at  a  level  that 
would  make  it  competitive  to  the  other  enterprise-focused  vendors. 

Interest  in  SpamAssassin  is  understandable.  In  the  small-business  market, 
the  open  source  SpamAssassin  dominates  many  anti-spam  systems.  When 
well  tuned  and  integrated  by  a  value-added  reseller  (VAR)  that  knows  what  it 
is  doing,  it  turns  out  to  be  a  very  effective  system.  SpamAssassin  users  rou¬ 
tinely  report  100%  spam  reduction  and  0%  false  positives  (although  these 
self-reported  statistics  are  probably  biased),  and  are  generally  overjoyed 
with  the  results. 

By  itself,  SpamAssassin  is  little  more  than  the  software  implementation  of 
an  interesting  idea:  apply  statistics,  neural  networks  and  Bayesian  probabili¬ 
ties  to  the  problem  of  classifying  mail  as  spam  or  not.  Train  the  engine  by  giv¬ 
ing  it  desirable  and  undesirable  mail,  and  it  can  tell  you  for  each  new  mes¬ 
sage  what  pile  it  most  resembles.  It  turns  out  to  work  astonishingly  well, 
especially  in  small  businesses  where  mail  flow  is  very  homogeneous.  Spam- 
Assassin's  Bayesian  engine  even  redefines  the  meaning  of  spam  by  letting 
you  say,  "This  is  the  mail  1  want,”  and  “This  mail  I  don't  want."  SpamAssassin 
also  mixes  other  tools  into  its  scoring  system,  such  as  DNS-based  blacklists 
and  collaborative  scoring,  as  well  as  more  traditional  keyword  searches  and 
formatting  tests. 

The  key  to  SpamAssassin’s  success,  though,  is  a  smart  VAR  or  IT  person 


installing  it.  SpamAssassin  requires  a  significant  amount  of  integration  work 
to  make  an  enterprise-class  installation  succeed.  Without  a  GUI,  database, 
quarantine,  anti-virus  scanner,  policy  or  per-user  configuration,  Spam¬ 
Assassin  is  a  great  tool  for  those  who  want  to  build  their  own  anti-spam  sys¬ 
tem,  but  is  in  no  way  a  solution  by  itself. 

This  doesn't  mean  that  SpamAssassin  wasn't  well  represented  in  our  test. 
The  important  core  of  SpamAssassin,  a  Bayesian  engine,  was  recognizable 
in  at  least  one-third  of  the  products  we  tested  and  might  well  have  been  hid¬ 
den  in  the  guts  of  more,  The  strategy  of  combining  multiple  tests  to  identify 
spam  is  in  nearly  all  modern,  anti-spam  products,  including  SpamAssassin. 

The  difficulty  in  testing  or  recommending  products  that  require  heavy 
engine  training,  or  ones  based  on  trained  neural  networks,  is  that  companies 
with  many  employees  have  very  diverse  mail  flows,  and  the  training  will  likely 
generate  false  positives  or  negatives  across  large  numbers  of  users.  For 
example,  a  multinational  company  might  have  many  employees  who  don’t 
read  or  speak  Italian,  and  might  train  all  their  Italian  mail  as  spam  —  some¬ 
thing  that  would  upset  the  Milan  and  Rome  offices.  Or  imagine  IDG,  which 
owns  many  publications,  all  which  have  specialized  vocabularies.  No  one  set 
of  training  mail  would  work  for  the  different  communities, 

Products  that  successfully  include  a  Bayesian  recognizer,  such  as 
SpamAssassin,  do  so  by  considering  it  as  one  factor  in  the  larger  cocktail  of 
spam  identification.  By  weighting  the  Bayesian  verdict  with  other  informa¬ 
tion,  vendors  have  followed  the  trail  that  SpamAssassin  blazed  and  made  it 
enterprise-ready. 


—  Joel  Snyder 
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Management 


■  CAREER  DEVELOPMENT 

■  PROJECT  MANAGEMENT 

■  BUSINESS  JUSTIFICATION 


The  data  center  glass  ceiling 

What  technical  pros  need  to  do  to  break  out  of  the  IT  department  and  into  the  business  world. 


■  BY  LINDA  LEUNG 

If  IT  is  the  business,  then  why  do  most  CEOs  seem  to  come  from  the  sales  and  finance  sides 
of  the  house?  CEO  search  professionals  and  those  who  have  made  the  leap  from  IT  to  gen¬ 
eral  business  leadership  say  ambitious  IT  executives  need  direct  experience  of  how  other 
business  units  are  run  to  be  considered  CEO  material. 


Adam  Kohn,  vice  chairman  at  executive  search  firm  Chris¬ 
tian  &  Timbers,  says  CIOs  becoming  CEOs  is  not  unheard  of, 
but  usually  after  intermediary  posts.  For  example,  former  Pro¬ 
gressive  Insurance  CIO  Glenn  Renwick  managed  various  Pro¬ 
gressive  business  units  before  becoming  CEO,  while  former 
Walgreen  CIO  David  Bernauer  sat  in  the  COO  chair  before  tak¬ 
ing  the  CEO  title. 

“You  want  to  start  expressing  your  interests  early  in  your 
career,  and  you  will  move  as  you’re  promoted,”  Kohn  advises. 

This  strategy  has  worked  well  for  Tim  Aubrey  who  went  from 
running  the  data  center  of  Fairmont  Hotels  &  Resorts  to  run¬ 
ning  the  Toronto  company’s  internal  finances.  After  working  as 
Fairmont’s  vice  president  of  technology,  Aubrey  was  named 
senior  vice  president  of  finance  in  January  2003.The  new  role, 
which  he  describes  as  “developmental,”  was  created  for  him. 
Aubrey  reports  to  the  CFO,  who  manages  external  finance. 

“I  wanted  to  broaden  beyond  IT,  and  I  looked  at  several  areas 
in  business, ” Aubrey  says.“Finance  was  my  top  pick  and  second 
was  operations.  Finance  is  the  backbone  to  any  business.”  He 
says  having  IT  and  finance  skills  is  more  portable  across  indus¬ 
tries  than  specific  operations  experience. 

Aubrey  made  his  wishes  known  during  his  four-year  tenure 
with  the  Fairmont’s  IT  group,  where  he  introduced  high-speed 
Internet  access  throughout  the  hotel  chain.  Stepping  out  of  IT, 
even  if  it  means  forgoing  short-term  promotions,  should  also 
be  considered. 

In  the  late  1980s,  Susan  Cramm  was  software  applications 
director  at  restaurant  chain  Taco  Bell  and  was  being  groomed 
to  replace  the  CIO.  She  requested  to  be  put  on  a  high-profile 
special  projects  team  to  overhaul  the  company  so  she  could 
be  exposed  to  general  business  issues. “Getting  on  a  spe¬ 
cial  project  is  a  great  opportunity  to  get  rebranded 
[but]  don’t  volunteer  for  assignments  that  are  not 
front  and  center  of  the  organization.  It’s  also  risky 
because  they  fill  your  job  while  you’re  gone,”  she 
says. 

After  a  year  on  the  special  project,  she  was  given 
responsibility  for  financial  planning  at  Taco  Bell 
in  1989  and  in  1990  was  named  CIO.  Four  years 
later,  with  technical  and  financial  experience 
under  her  belt,  Cramm  was  appointed  CFO  at 
Chevy’s  Mexican  Restaurants,  where  she  was 
responsible  for  finance,  business  strategy  restau¬ 
rant  development,  franchising  and  legal  func¬ 
tions.  Cramm  left  Chevy’s  in  1998  to  set  up  Value- 
dance,  a  San  Clemente,  Calif.,  company  that 
coaches  executives  on  increasing  the  value  of 
their  IT  investments. 


She  asserts  that  crossing  boundaries  from  technology  to  gen¬ 
eral  business  is  risky  for  companies  unless  technology  execu¬ 
tives  can  prove  their  business  mettle.  It  was  relatively  straight¬ 
forward  for  Cramm  to  demonstrate  her  business  savvy  be¬ 
cause  she  had  worked  as  a  consultant  at  Touche  Ross  (now 
Deloitte  &  Touche)  before  joining  Taco  Bell  and  holds  an  MBA. 
The  Fairmont’s  Aubrey  also  holds  an  MBA,  but  they  both  agree 
that  level  of  education  is  not  always  necessary 

“Get  an  MBA  for  your  own  development  and  not  because 
you  want  to  put  it  on  your  resume,”  Aubrey  says. “If  you  do  it, 
make  sure  you  do  it  at  the  right  time.There’s  a  five-year  window 
in  your  career  that  it’s  going  to  be  relevant  —  the  mid-manag¬ 
er  position,”  he  says. 

Larry  Geisel,  CEO  of  software  vendor  Nexaweb  Technologies, 
says  obtaining  real-life  experiences  is  more  valuable  than  pur¬ 
suing  an  MBA.  Geisel  has  served  as  CIO  and  CEO  at  various 
technology  firms,  including  CIO  at  Xerox  and  Netscape,  and 
CEO  at  White  Pine  Software,  and  founded  Carnegie  Group, 
Summit  Information  Systems  and  Intelligent  Information  Sys¬ 
tems.  “There’s  a  lot  to  be  gained  from  attending  general  busi¬ 
ness  conferences.  It  would  help  you  rethink  your  job  role  and 
how  you  can  help  the  business  succeed,”  he  says. 

Geisel  says  it  is  easier  for  IT  professionals  within  technology 
firms  to  become  CEOs  in  their  industries  than  in  non-technol¬ 
ogy  sectors,  where  it  might  be  difficult  to  shake  off  the  geek 
label.  But  even  in  the  technology  arena,  there’s  a  big  transition 
to  make  from  supporting  the  technology  to  selling  it.  Geisel 
says  his  biggest  learning  curve  was  appreciating  the  effort  re¬ 
quired  to  build  awareness  for  a  new  product  category  and 
take  the  product  to  market. 

Vincent  Oddo  worked  as  a  CIO  for  10  years  in  the  tele¬ 
com  industry  When  he  sought  a  post  as  senior  vice 
president  of  operations  at  Network  Telephone, 
interviewers  grilled  him  on  his  lack  of  sales  expe- 
rience.“But  I  was  able  to  bring  up  new  products 
and  marketing  projects  that  I  helped  start. As  CIO, 
I  suggested  lots  of  things  that  became  successful 
products,"  he  says.  He  got  the  job  and  quickly 
immersed  himself  in  sales.  Oddo  is  now  presi¬ 
dent  and  CEO  of  Access  Integrated  Networks,  a 
carrier  in  Macon,  Ga. 

IT  leaders  have  one  advantage  over  their  busi¬ 
ness  counterparts:  They’re  wired  to  analyze  and 
think  far  into  the  future  through  years  of  figuring 
out  how  upcoming  technologies  could  trans¬ 
form  their  business.  “Businesspeople  are  too 
focused  on  the  next  quarter,  they  don’t  think 
strategically  at  all,”  Geisel  says.  ■ 
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KVM  RACK  DRAWER  WITH  KvM  SWITCH  OPTION 


Rose  Electronics 
10707  Standiff  Road 
Houston,  Texas  77099 


ROSE  US  +281  933  7673 

ROSE  EUROPE  +44  (0)  1264  850574 

ROSE  ASIA  +65  6324  2322 

ROSE  AUSTRALIA  +617  3388  1540 
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A  KVM  switch  allows,  single  or  multiple 
workstations  to  have  local  or  remote  access  to 
•. :  multiple  computers  located,  in  server  rooms  or 
on  the  desktop  regardless  of  their  platforms 
V,  and  operating  systems.  KVM  switches  have 
traditionally  provided  cost  savings  in  reducing 
energy  and  equipment  costs  while  freeing  up 
valuable  real  estate. 
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Recognized  as  the  pioneer  of  KVM  switch 
-  technology,  Rose  Electronics  offers  the 
-  •  industry’s  most  comprehensive  range  of 
server  management  products  such  as  KVM 
switches,  extenders  and  remote  access 
,  solutions.  Rose  Electronics  products  are 
■_  known  for  their  quality,  scalability,  ease  of  use 
and  innovative  technology. 


UltraMatrix  Remote 

REMOTE  MULTIPLE  USER 
KVM  MATRIX  SWITCH 
ACCESS  OVER  IP  OR  LOCALLY 


UltraConsole 

PROFESSIONAL  SINGLE-USER 
KVM  SWITCH  SUPPORTS  UP 
TO  1000  COMPUTERS 


•  Connects  1,000  computers  to  multiple  user  stations 
over  IP  or  locally 

•  High  quality  video  up  to  1280  x  1024 

•  Scaling,  scrolling,  and  auto-size  features 

•  Secure  encrypted  operation  with  login  and  computer 
access  control 

•  Advanced  visual  interface  (AVI) 

•  No  need  to  power  down  servers  to  install 

•  Free  lifetime  upgrade  of  firmware 

•  Available  in  several  models 

•  Easy  to  expand 

800  333  9343 

WWW.ROSE.COM 


Connects  up  to  1000  computers  to  a  KVM  station 
Models  for  4,  8,16  computers 
Advanced  visual  interface  (AVI) 

Compatible  with  Windows,  Linux,  Solaris,  and  other  O/S 
Connects  to  PS/2,  Sun,  USB,  or  serial  devices 
Converts  RS232  serial  to  VGA  and  PS/2  keyboard 
Free  lifetime  upgrade  of  firmware 
Security  features  prevent  unauthorized  access 
Full  emulation  of  keyboard  and  mouse  functions  for  automatic, 
simultaneous  booting 
Easy  to  expand 


^ELECTRONICS 


Rose  Electronics  is  privately  held  with  world- 
headquarters  in  Houston,  Texas  and  sells  its 
products  worldwide  through  a  large  network  of 
Resellers  and  Distributors.  Rose  has 
operations  in  the  United  Kingdom,  Spain, 
Germany,  Benelux,  Singapore  and  Australia. 


SERVERS  WITHIN  YOUR  REACH 
FROM  ANYWHERE 
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Sentry  Gives  You  Secure  Web/I P  Based  Remote  Site  Management 
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"NEW!"  Secure  Shell  (SSHv2)  Encryption  « 
"NEW!"  SSLv3  Secure  Web  Browser « 
"NEW!"  Active  Directory  with  LDAP  « 
SNMP  MIB  &  Traps  « 
Integrated  Secure  Modem  « 
True  RMS  Power  Monitoring  « 
Outlet  Receptacle  Grouping  for  Dual-Power  Servers  « 
Fail-Safe  Transfer  Switch  for  Single-Power  Supply  Servers  « 
Power-up  Sequencing  Prevents  Power  In-rush  Overload  « 
Temperature  &  Humidity  Environmental  Monitoring  « 
Zero  U  &  Rack-mount  Models  « 
1 1 0/208  VAC  Models  with  30-Amp  Power  Distribution  « 
NEBS  Approved  -48  VDC  Models  Available  « 
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Server  Technology 


Solutions  for  the  Data  Center  Equipment  Cabinet 


When  servers  and  network  devices 
in  the  data  center  lock-up,  network 
managers  need  fast,  secure  and 
reliable  tools  to  respond.  With 
Sentry™  Remote  Site  Managers, 
an  administrator  can  immediately 
reboot  a  remote  system  with  just 
a  few  mouse  clicks.  Sentry  also 
provides  accurate  input  current 
power  monitoring,  environmental 
monitoring  and  integrated  secure 
console  management  using  SSH. 
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Server  Technology,  Inc* 


Server  Technology,  Inc. 
1040  Sandhill  Drive 
Reno,  NV  89521 
USA 


toll  free  +1.800.835.1515 
tel +1.775.284.2000 
fax +1.775.284.2065 

www.servertech.com 

sales@servertech.com 


©Server  Technology,  Inc.  Sentry  is  a  trademark  ot  Server  Technology.  Inc 


KVM  over  IP 


Cyclades  AlterPath™  KVM/net 
offers  a  unique  set  of  features: 

■  Server-based  authentication 

(NT  domain,  LDAP,  Secure  ID,  RADIUS,  TACACS+) 

■  16  and  32  port  models 

■  CAT5  cabling  up  to  500  feet 

■  User  access  logging 

■  System  event  syslog 

■  Integrated  power  management 


Over  80%  of  Fortune  100 
choose  Cyclades. 


Secure  KVM  over  IP  switch 


Centralize^  system 

' 

■  Remote  ;  w  citie  nt  >res:o 


We've  worked  our  magic. 
Now  you  can  work  yours. 


www.cyclades.com/nw 

1.888.cyclades  «  sales@cyclades.com 


cyclades 
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SENSAPHONE® 

irvis-aann 


Tel:  877-373-2700 
www.ims-4000.com 


Phonetics,  Inc. 
901  Tryens  Road 
Aston,  PA  19014 


Embedded 

Web 

Server 


Sends 

E-Mail 


Power 

Outage 


Internal 

UPS 


BE  NOTIFIED  BEFORE  CRITICAL  EVENTS  TURN  INTO  DISASTER! 


•  Eight  environment  inputs 

•  Power  sensing 

•  Monitors  64  IP  addresses 

•  Send  alerts  to  64  people 

•  8  methods  of  contact 

•  Calendar  scheduling 

•  Expands  to  256  sensors 

•  Remote  power  control 

•  Optional  camera 


The  Sensaphone  IMS-4000  Infrastructure 
Monitoring  System  monitors  critical  environ¬ 
mental  and  network  elements  in  your  server 
room,  data  center,  or  telecomm  installation  and 
reports  to  you  instantly  when  events  threaten 
your  infrastructure.  The  IMS-4000  keeps  watch 
so  you  don't  have  to.  See  these  features  and 
more  on  the  web  at  www.ims-4000.com 


Microphone 

for  Sound 
Monitoring 


Sends 

SNMP 

Messages 


Monitors 

64 

IP  addresses 


8  RJ-45  Sensor  Inputs 

( Temperature ,  Humidity, 
Water,  Motion,  Power, 
Smoke/Fire) 


CDI  offers: 

Hardware  encryption  over  dial-up 
and  network  connections 
RSA  certified  SecurlD  authentication 
without  a  network. 

Patented  central  management  of  all 
remote  devices 


Full  NIST,  FIPS  140-2  certifications 

Remote  Power  control 

Homologous  world-wide  approved 
internal  modems 


CDI  has  been  building  encryption  eguipment  for  over  fifteen  years.  Our  customers  and  partners  include 
major  financial  institutions,  government  agencies,  major  telcos,  utilities,  and  the  United  States  military. 


Communication  Devices  Inc. 
www.outofbandmanagement.com 
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Secure  Out  Of  Band 
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A  true  Secure  Out  of  Band  Management 
solution  should  provide  strong  security  without 
reliance  upon  network  based  protocols. 


Control  Power  on  Any  AC 

Powered  Device ... 

Hie  Web  Browser,  Telnet, 
Modem  or  Local  Terminal 


Web  Browser  Interface 


Servers,  routers,  and  other  electronic  equipment 
occasionally  “lock-up”,  often  requiring  a  service  call 
to  a  remote  site  just  to  flip  the  power  switch  to  perform 
a  simple  reboot.  With  WTI’s  Remote  Power  Switches, 
you  can  perform  reboot  and  On/Off  control  from 
anywhere! 
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Web  Browser  Access  for  Easy  Setup  and 
Operation 

Encrypted  Password  Security 

Dual  15  Amp  Power  Circuits 
Total  30  Amps  Maximum  Load 

115  VAC  and  230  VAC  Models 
Sixteen  (16)  Individual  Outlets 
RS232  Modem  /  Console  Port 
Network  Security  Features 
Power-Up  Sequencing 

Also  Available  in  4,  8  &  16  Plug  Models  and 
Horizontal  1U  and  2U  Models 


Wail!  sn  Online  Demo? 

Just  call  or  email  and  you’ll  see  for  yourself  why  so  many 
network  professionals  choose  WTI. 


Yes,  We  are  Customer  Friendly! 

V  Two  Year  Warranty 

V  We  Stock  for  Same  Day  Shipment 
y  30  Day  No-Fee  Return  Policy 

y  Start-up  Cables  and  Rack  Kits  Included 


Dual 

Power 

Inputs 
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www.wti.com 


l  western  telematic  incorporated 

l  5  Sterling  •  Irvine  •  California  •  92618-2517  •  (800)  854-7226 
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NETWORK* 

INSTRUMENTS 


OBSERVER 


How  much  can  your  network  analyzer  see? 

Observer  is  the  only  fully  distributed  network  analyzer  built  to 
monitor  the  entire  network  (LAN,  802.  Ila/b/g,  Gigabit,  WAN). 
Download  your  free  Observer  10  evaluation  today  and  experience 
more  comprehensive  real-time  statistics,  more  expert  events,  and 
more  in-depth  analysis  letting  you  dive  deeper  into  your  network 
than  ever  before.  Choose  Observer. 


-  BRnGER-  Guard  against  the  latest  network  threats  by  identifying 
and  isolating  infected  systems  automatically. 

-DRTR  Mini  nG -  Analyze  gigabit  traffic  and  massive  amounts 
of  data  with  Observer's  expanded  options  for  data  mining. 

-JUnK  TRRFFlC-  Identify  broadcast  storms,  monitor  excessive 
traffic,  and  optimize  bandwidth  with  Observer's  many  utilization 
metrics  and  over  30  real-time  statistics. 

US  &  Canada  toll  free  800.526.5958 
fax  952.932.9545 

UK  &  Europe  +44(0)  1959569880 

www.networkinstruments.com/analyze 
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Go  to  http://subscribenw.com/mynw  for  your  free  subscription. 


Subscribe  today  and  receive  your  own 
1-year  subscription  for  FREE  - 

a  $129.00  value! 


Luggage,  Fine  Leather  Goods, 
Gifts,  and  more! 

Tumi,  Hartmann,  Andiamo, 
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10%  discount  for  Network 
World  readers 
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If  it’s  on  the  ^WORLDWIDE  PROVIDER 
network^  OF  NETWORK 

vk’ve  got  it!  HARDWARE 

SINCE  1981! 

•  NetWork  Hardware 


•  babies 


•  Memory 
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WRC 


•  Accessories 

sales@wrca.net  •  (800)699-9722x102 
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Famatech 


How  fast  can  you  get  to  your 
server,  if  you  are  1000  miles 
away?  Two  hours  by  plane. 
Fourteen  hours  by  car.  A 
month,  if  you  run.  Only  a  few 
seconds  with  RAQMIN. 

RADMIL  Is  a  reliable  and 
secure  remote  control 
software  designed  to  work  on 
and  monitor  the  remote 
computers  just  as  if  they 
were  right  there  in  front  of 
you.  RADMIN  proved  itself 
as  incredibly  fast  and  easy  to 
learn  and  use.  RADMIN  is  a 
complete  remote  control 
solution  with  such  features  as 
file  transfer,  NT  security, 
Teinet  and  multiple 
connections  support  built  in. 

See  details  at: 

www.radmin.com 

e-mail:  sales@radmin.com 
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Advertising  Supplement 

CIOs  Identify  Trends  for  2005 


IT  Careers 

Normally  workforce  experts  look  to  the  CIOs  of  the 
largest  IT  firms  to  establish  what  the  future  will  bring. 
However,  the  trends  facing  non-IT  CIOs  -  who  represent 
better  than  79  %  of  the  jobs,  according  to  ITAA's  annual 
workforce  study  -  are  the  ones  that  will  affect  the  vast 
majority  of  IT  professionals.  And  their  list  of  trends 
to  watch  in  2005  is  short. 

First,  industry  sectors  will  continue  to  shift 
focus  on  information  technology  as  core 
business  competencies.  Steve  Agnoli,  CIO 
for  Kirkpatrick  Lockhart  LLP  law  firm  in 
Pittsburgh,  says,  "IT  competence  is  key  in 
our  ability  to  provide  client  service.  The 
large  firms  and  corporations  we  represent 
expect  us  to  be  able  to  hang  with  them 
from  a  technical  standpoint." 

That  situation  faces  all  business  sectors, 
according  to  Ray  Barnard,  CIO  for  the 
world's  largest  engineering  construction  firm,  Fluor  Corp. 
"We're  projects-based  with  projects  in  48  different 
countries.  Each  project  has  an  IT  element  to  it."  For  the 
World  Wildlife  Foundation,  based  in  Washington  DC,  the 
need  is  the  same.  WWF's  CIO,  Greg  Smith,  says  advancing 
and  evolving  use  of  technologies  is  required  to  maintain 
the  non-profit's  mission  and  goals. 

Second,  the  cost  of  IT  services  will  continue  to  be  the  name 
of  the  game  for  all  industry  sectors.  The  result,  according  to 
all  three  CIOs,  will  be  continued  levels  of  outsourcing  for 


commodity  functions.  Barnard,  who  recently  outsourced 
better  than  35%  of  his  IT  operation,  says  the  challenge  is  to 
identify  accurately  what  IT  capabilities  are  core  to  the 
business  or  organization  and  to  the  smooth  transition  of 
employees  to  outsource  service  providers.  "I  think  we'll  see 
a  shift  of  some  jobs  to  service  providers," 
says  Barnard,  pointing  to  increased 
opportunity  for  IT  professionals  with  the 
valuable  commodity  skills.  "Right  now,  the 
service  providers  have  multiple  clients  to  take 
care  of  and  need  people."  The  risk,  of  course,  is 
when  a  CIO  or  IT  team  doesn't  correctly  identify  what 
needs  to  be  outsourced  and  what  needs  to  be  preserved 
internally.  Currently  the  financial  services  sector,  which  was 
out  front  on  driving  down  cost  through  outsourcing,  is 
again  hiring  to  regain  its  core  technical  capabilities. 

Third,  the  IT  profession  continues  to  offer  opportunity  and 
challenge.  The  most  critical  skills  IT  pros  need  include 
strong  customer  service  understanding,  communication 
skills  and  management  of  outsourced  capabilities.  For  Fluor 
Corp.,  the  need  is  for  staff  members  who,  understanding 
the  business  of  engineering,  can  develop  and  upgrade 
infrastructure  architecture;  programming  in  support  of 
CAD,  three-dimensional  CAD  and  CATIA;  programming  in 
support  of  the  ERP  systems,  particularly  financial;  and 
development  of  security  protocols  and  programming. 
Mobility  is  another  critical  factor  in  Barnard's  world,  where 
systems  must  be  developed  and  put  in  place  on  a 
worldwide  basis.  For  Agnoli  in  a  legal  setting,  customer 


focus  "must  be  at  an  unbelievable  level",  and  he  looks  for 
those  who  can  communicate  about  and  apply  technology 
to  the  benefit  of  the  firm.  And  for  Greg  Smith  at  WWF,  the 
critical  skills  for  non-profit  IT  professionals  are  for-profit 
thinking  and  practices  to  achieve  extraordinary  results. 
He  lists  analytics  and  business  intelligence  specialization 
as  critical. 

"The  market  is  blurred,"  adds  Smith,  in  terms  of  where  the 
greatest  opportunities  exist  -  government,  for-profit  or 
non-profit.  "I'd  challenge  them  (IT  professionals)  to  look  for 
sound  opportunities  for  organizations  that  have  a  great 
brand  and  name  recognition." 


The  Job  Market 

Legal.  The  10  largest  American  law  firms  spend  3-5%  of 
revenues  on  IT  and  have  IT  staffs  of  more  than  70. 

Construction.  The  10  top  world  engineering  construction 
firms  have  IT  staffs  of  approximately  500  to  750  each, 
according  to  Barnard. 

Non-profit.  World  Wildlife  Foundation  has  a  staff  of 
approximately  20  IT  professionals,  fairly  representative  of 
sophisticated  non-profit  operations. 


For  more  information  about  IT  Careers  advertising, 
please  call:  800.762.2977 

Produced  by  Carole  R.  Hedden 
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Companies 


An  extraordinary  place  to  work 


The  Capital  Group  Companies,  a  global  investment  management 


firm,  is  currently  hiring  in  its  Information  Technology  Group, 

«• 

which  supports  a  multi-platform,,  web-enabled  environment. 

.++  The  group  has  more  than  1,400  IT  professionals  based  in 

.  •••  ‘  •  • 

offices  around  the  globe.  Our  current  U.S.  hiring  needs  are: 

_ 

•  Project  Management  •  Information  Architecture 

•  Application  Development  •  Web  Development 

•  Business  Systems  Analysis  •  Management 


We  offer  highly  competitive  compensation 
(salary  and  bonuses)  as  well  as  outstanding  benefits. 

Visit  our  Web  site  at  www.capgroup.com 

An  Equal  Opportunity  Employer 


Cambridge,  MA-based  communications  technology  co.  seeks  talented 
professionals  for  the  following  positions: 

Sr.  Scientist  (Speech  Recognition  Project):  Duties:  Perform  advanced 
speech  recognition  research  leading  to  dsgn  &  dvlpmt  of  a  real-time 
speech  recognition  systm  to  operate  on  conversational  telephone  speech 
&  broadcast  news  in  English,  Arabic  &  Chinese;  compile  &  assemble 
speech  signal  data  using  std  techniques,  incl  linear  discriminant  analysis 
(LDA),  heteroscedastic  LDA  (HLDA),  perceptual  linear  prediction  (PLP) 
analysis,  &  MFCC  co-efficients;  conduct  acoustic  modeling  using  hidden 
Markov  models  (HMM),  trajectory  models,  speaker  adaptive  training 
(SAT),  minimum  mutual  information  (MMI)  &  minimum  phone  error  (MPE); 
use  C,  C++  &  Perl  prgmg  languages  to  integrate  new  technologies  into 
existing  speech  recognition  systm  &  debug;  Req:  Masters  (or  foreign 
equiv.)  in  Electrical/Comp  Engg,  w/sustained  research  interest,  as  evi¬ 
denced  by  graduate  thesis  or  record  of  publication,  in  the  field  of  speech 
recognition;  +  2  yrs  exp.  in  the  dsgn  &  dvlpmt  of  speech  recognition 
systms.  Exp.  must  incl  2  yrs  with:  PLP,  MFCC  &  FI/LDA  analysis;  HFIM, 
trajectory  model,  SAT.  MMI  &  MPE  acoustic  modeling  technologies;  & 
C/C++  &  Perl.  Job  #SS1 

System  Design  Engineer:  Duties:  Perform  theoretical  analysis  &  valida¬ 
tion  of  linear,  non-linear  &  stochastic  systems;  using  C/C++  &  MAT- 
LAB/Simulink,  Maple,  Mathcad  &  Labview  tools;  perform  statistical  analy¬ 
sis  of  experimental  data;  dsgn,  simulate,  validate  &  implmt  real-time  con¬ 
trol  algorithms  using  knowl  of  A/D/A  converters,  Digital  Input/Output  (DIO) 
computer  interfacing,  digital/analog  circuit  design  &  computer  architec¬ 
ture;  dsgn  &/or  simulate  &  implmt  digital  link  layer  of  networking  protocols 
&  real-time  digital  signal  processing  algorithms,  systems  level  digital  /ana¬ 
log  interfaces  &  prototypes  of  high-speed  h/ware  electronics  using  VHDL 
&  FPGA  synthesis  tools.  Reqs:  Bach  (or  foreign  equiv.)  in  Comp.  Eng  ICS 
+  2  yrs.  exp.  as  Systems  Analyst/Design  Engr.  Exp.  must  incl:  2  yrs.  of 
control  systm  dsgn  exp.  with  MATLAB/Simulink,  Maple,  Mathcad  & 
Labview  tools,  &  C/C++  prgmg;  also,  at  least  1  yr  of  exp.  in  digital  dsgn 
using  VHDL/FPGA  synthesis  tools  &  1  yr  of  hands-on  exp  using  h/ware 
components  such  as  A/D/A  converters,  amplifiers,  DIO  computer  interfac¬ 
ing,  &  digital/analog  circuit  dsgn.  Job  #SDE2 

Software  Engineer:  Duties:  Work  w/team  to  dsgn,  implmt,  &  test  prototype 
modules  or  subsystems  for  ad  hoc  mobile  packet  radio  networks  on 
selected  platforms,  using  C/C++  and  Java;  simulate  &  analyze  efficacy  of 
new  architectures,  algorithms,  &  protocols  within  future  projected  traffic  & 
service  reqmt  scenarios,  using  Opnet/ns  &  MATLAB;  perform  code  dvlpmt 
&  debugging  tasks  using  GCC  &  MS  Visual  Studio.  Req:  Bach  (or  foreign 
equiv.)  in  Comp  Engg  or  Comp  Sci.  Also  reqs  advanced  course  work/col¬ 
lege  project  exp.  with:  operating  system  architecture  &  driver  dvlpmt  using 
C/C++,  GCC  &  Visual  Studio;  simulation  exp.  w/MATLAB  &  Opnet/ns;  & 
familiarity  w/data  communication  &  radio  concepts  (signal  processing, 
radio  control  engg)  as  they  apply  to  mobile  &  other  wireless  technologies. 
Job  #SE3. 

Send  resume  &  Itr  of  application,  identifying  position  by  Job#  &  detailing 
relevant  exp,  to  Robin  Flughes,  HR  Bus.  Partner,  BBN  Technologies,  10 
Moulton  St.,  Cambridge,  MA  02138. 


Clinical  Application  Engineer 
(Memphis,  Tennessee)  -  Design, 
administer,  maintain,  document, 
and  develop  user  interface  soft¬ 
ware  applications  in  complex 
clinical  databases  environment 
using  SQL  over  multiple  hard¬ 
ware  platforms.  Train  end  users 
on  data  entry  and  other  data 
management  practices.  Create 
data  entry  screens,  system  test¬ 
ing  and  validation,  develop  vali¬ 
dation  procedures,  and  data¬ 
base  reports.  Report  develop¬ 
ment  in  a  client  server  environ¬ 
ment  utilizing  reusable  code 
modules  in  an  application  devel¬ 
opment  lifecycle.  Responsible 
for  business  requirements  elici¬ 
tation  and  documentation  of 
information  systems  in  a  regulat¬ 
ed  environment. 

Must  have  a  Master  Degree  or 
foreign  degree  equivalent  in 
Information  Systems,  Computer 
Science,  or  related  field  AND  1 
year  of  experience  in  the  job 
offered  or  1  year  of  experience 
in  a  position  involving  applica¬ 
tion  development  OR  will  accept 
a  Bachelor  Degree  or  foreign 
degree  equivalent  in  Information 
Systems,  Computer  Science,  or 
related  field  AND  3  years  of 
experience  in  the  job  offered  or 
3  years  of  experience  in  a  posi¬ 
tion  involving  application  devel¬ 
opment.  Experience  mentioned 
may  have  been  gained  concur¬ 
rently  and  must  include:  (i)  1  yr 
of  experience  in  developing  user 
interface  applications;  (ii)  1  yr  of 
experience  in  report  develop¬ 
ment  in  a  client  server  environ¬ 
ment  utilizing  reusable  code 
modules  in  an  application  devel¬ 
opment  lifecycle;  (iii)  1  yr  of 
experience  in  applying  design 
and  analysis  of  relational  theory 
in  a  complex  database  environ¬ 
ment  using  SQL  over  multiple 
hardware  platforms;  and  (iv)  1  yr 
of  experience  in  business 
requirements  elicitation  and  doc¬ 
umentation  of  information  sys¬ 
tems  in  regulated  environment. 
Must  have  legal  authority  to 
work  in  U.S.  Send  resume  to  S. 
Hopson  (REF:CAE),  Medtronic 
Sofamor  Danek  USA.  Inc.,  1800 
Pyramid  Place.  Memphis,  TN 
38132. 
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MARKET  RESEARCH  - 
PROJECT  ANALYST 

After  researching  market  condi¬ 
tions,  prepare  project  proposals 
for  recruitment  &  placement  of 
software  professionals  on  IT 
projects  using  all  survey,  net¬ 
working  &  lead  generation  tools. 
Then  execute  plan  by  contract¬ 
ing  w/clients  to  satisfy  technical 
project  needs  on  acceptable 
terms.  BS  in  Comp.  Sci.  or 
Electrical  or  Electronics  Engnrg 
+  2  yrs  of  experience  in  job 
offered  or  as  a  Bus.  Dvlpmnt 
Mgr/Analyst  reqd.  High  mobility 
preferred.  40  hrs/wk.  OT  as 
reqd.  8am  -  5pm,  $64,260/yr. 
Submit  resume  to:  Site 

Administrator,  Greene  County 
CareerLink,  4  West  High  Street, 
Waynesburg,  PA  15370-1324. 
Refer  to  Job  Order  No.  WEB 
480843. 

ScanSoft,  Inc.  seeks  a  Director. 
Telco  &  Multimodal  Solutions  for 
its  Peabody,  MA  office  to  man¬ 
age  technical  &  commercial  as¬ 
pects  of  multimodal  product  line 
business,  incl.  product  develop¬ 
ment  &  marketing,  sales  engi¬ 
neering,  &  solutions.  Must  have 
Master's  in  Comp.  Sci.,  &  2  yrs. 
of  software  product  exper.  w/ 
multimodal  client/server  technol. 
&  multimodal  applies.,  product 
mgmnt.  exper.,  &  exper.  w/  mob¬ 
ile  technol.,  incl.  exper.  w/  mob¬ 
ile  applic.  development  SDKs, 
as  well  as  1  yr.  of  exper.  in  tech¬ 
nical  pre-sales  to  telecom,  cus¬ 
tomers.  (Exper.  can  be  concur¬ 
rent.)  Must  also  be  proficient  w/ 
2.5G  wireless  network  architec¬ 
tures  &  w/  mobile  platforms  (i.e., 
BREW  &  Nokia  Series  60). 
Candidates  should  send  resume 
to  Mary-Ellen  Messer,  Employ¬ 
ment  Specialist,  ScanSoft,  Inc., 
9  Centennial  Dr.,  Peabody,  MA 
01960. 

Software  Engineers  to  lead 
teams  to  analyze,  design,  devel¬ 
op  client/server,  web  appls  in 
ASP,  XML,  ActiveX  Controls, 
VB.  ASP.NET,  VB.Net,  ADO. Net, 
HTML,  Oracle,  SQL  Server, 
Windows  etc;  create  complex 
business  components  using 
COM  dynamic  link  libraries  and 
implement  them  in  multi-tier 
envir  using  MS  Transaction 
Server;  trouble  shoot  software 
/hardware  problems;  interact 
between  project  members,  ven¬ 
dors,  customers;  provide  train¬ 
ing  to  end  users,  team  mem¬ 
bers.  Require:  MS  in  CS/Engg 
(any  branch)  &  3  yrs  exp  in  job 
offered  or  a  BS  or  foreign  equiv 
in  CS/Engg(any  branch)  &  5  yrs 
of  progressive  exp  in  IT.  Travel 
Involved.  Comp. Salary.  FfT.  Re¬ 
sumes:  HR,  Synergy  America. 
Inc.,  6340  Sugarloaf  Parkway, 
Ste  140,  Duluth,  GA  30097. 

Seeking  qualified  applicants  for 
the  following  positions  in 
Orlando.  FL;  Senior  Proaram- 
mer  Analvst.  Formulate/define 
functional  requirements  and 
documentation  based  on 

accepted  user  criteria.  Require¬ 
ments:  Bachelor's  degree  or 
equivalent*  in  computer  science, 
engineering,  MIS  or  related  field 
plus  5  years  of  experience  in 
systems/applications  develop¬ 
ment.  Experience  with  C++, 
Unix  and  transportation  revenue 
processing  systems  also  re¬ 
quired.  ’Master's  degree  in 
appropriate  field  will  offset  2 
years  of  general  experience. 
Submit  resumes  to  LaWanda 
Thompson,  FedEx  Corporate 
Services,  1900  Summit  Tower 
Blvd.,  Suite  1400,  Orlando,  FL 
32810.  EOE  M/F/D/V. 

Paradigm  Infotech  is  looking  for 
programmer/system  analysts, 
DBA,  s/w  engineers.  Candidate 
must  have  BS/MS  with  experi¬ 
ence.  Good  skills  in  C/C++, 
Java,  Oracle,  WebLogic,  VB, 
HTML,  ERP  are  plus.  Traveling 
required  for  some  jobs.  Apply 
iobs®  Daradiaminfotech.com. 

Programmer  Analysts  to  ana¬ 
lyze,  design  s/w  appls  using 
SAP  R/3,  ABAP/4,  C,  C++, 
Java,  VB,  JSP,  JScript,  HTML 
on  UNIX/Windows  os;  gath¬ 
er/document  reqs  from  user 
community;  test/troubleshoot 
project  appl  code  according  to 
system  objectives.  Require  a 
B.S.  or  foreign  equiv  in  CS/ 
Engg  (any  branch)with  2  yrs 
exp  in  IT.  Competitive  salary. 
F/T.  Travel  involved.  Resume 
to  HR,  Smartsoft  Internation¬ 
al,  Inc.,  3965  Johns  Creek 
Court,  Ste  500,  Suwanee,  GA 
30024. 

EOE.  No  call. 

Corpus,  Inc.  has  multiple  open¬ 
ings  for  IT  professionals  to 
design  and  develop  applications 
using  Oracle,  SAP,  SQL,  PL/ 
SQL,  COBOL,  C/C++,  VB,  Java, 
XML,  ERP,  ASP,  NT,  XSL.  Min 
BS/MS  with  exp.  Travel  maybe 
required.  Please  send  resumes 
to  resumes®corouslnc.com. 
EOE.  No  calls. 

System  Architect.  Judge 
Technical  Services  has  an 
internal  opening  for  an  IT 
professional  with  five  years 
strong  technical  experi¬ 
ence  with  MQ  Series, 
Java,  Unix,  Middleware, 
EAI  design,  development 
and  architecture.  Must  be 
willing  to  travel.  Submit 
resume  to  G.  Demos,  300 
Conshohocken  State 

Road,  Ste.  300,  Consho¬ 
hocken,  PA  19428-2949. 

Software  Engineers  needed. 
Seeking  candidates  w/  BS  or 
equiv  and  rel  work  exp.  Part 
of  rel  work  exp  must  include 
at  least  3  yrs  working  w/ 
Oracle  technologies,  J2EE  & 
XML.  Duties  include:  Installa¬ 
tion,  Design,  Development, 
Testing,  and  Deployment  of 
databases  and  software  sys¬ 
tems  to  using  HP-UX,  Oracle, 
J2EE/MS.NET  to  user  specs. 
Mail  resume  &  refs  to: 
Ozburn-Hessey  Logistics, 
633  Thompson  Lane, 

Nashville,  TN  37204.  EOE. 

Techgene  Solutions  has  open¬ 
ings  for  Software  Engineers  or 
other  IT  staff.  Candidates  must 
have  BS/MS  with  experience. 
Skills  in  Cobol,  JCL,  Oracle, 
SQL,  VB,  C/C++  are  plus.  Travel 
may  be  required  for  some  posi¬ 
tions.  Competitive  salary.  Please 
aDDlv  at  baouiiklSvahoo.com. 
No  calls.  EOE. 

Paradigm  Technologies  is  look¬ 
ing  for  program/system  analysts. 
DBA.  s/w  engineers.  Candidates 
must  have  BS/MS  with  experi¬ 
ence.  Good  skills  in  C/C++, 
Java,  Oracle,  WebLogic,  VB, 
HTML,  ERP  are  plus.  Traveling 
required  for  some  jobs.  Please 
aDDlv  at  iobs(®Daradiamtek 
.com.  EOE.  No  calls. 

Programmer  Analyst,  Sr.  for 
Sunrise,  FL  corp.  Must  have  a 
Bachelor's  Degree  in  Comp. 
Sc.,  IS,  Software  Engineering 
or  Math  and  5  years  exp. 
Must  have  solid  background 
using  OOP  architecture  as 
well  as  experience  with  MSS, 
DB2/400,  MS  SQL  Server, 
MS-Access,  dBase  and 
Oracle.  Please  send  resumes 
to  Laura  Callis,  Director  of  IT, 
1613  North  Harrison  Pkwy, 
Bldg.  C,  Suite  200,  Sunrise, 
FL  33323. 

BIOINFORMATICS 
ASSOCIATE 
RESEARCH  SCIENTIST 

Hartwell  Center  for  Bioinformatics 
and  Biotechnology 
(Job  Number:  09977) 

Lead  role  in  data  mining  and  visualization,  statistical  analysis, 
experimental  design,  and  database  development.  Train 
investigators  to  use  bioinformatics  tools.  Participate  in  algorithm 
development  and  assist  in  the  software  development  of  the 
application  and  development  of  computational  methods. 


Ph.D.  in  Molecular  Biology,  Biochemistry,  Bioinformatics  or  related  field 
is  required.  Minimum  2  years  experience  in  Computational  Biology  or 
Bioinformatics  research  is  mandatory.  Experience  with  programming 
languages  such  as  Perl,  C,  C++  or  Java,  and  microarray  data  analysis  and 
scripting  experience  using  R  or  a  comparable  statistics  package  is 
required.  Experience  with  pathways,  comparative  genomics,  SNP  or 
proteomics  data  analysis  is  desirable. 


Finding  Cures .  Saving  Children . 


St.  Jude  Children's  Research  Hospital  offers  an  excellent  salary  and 
benefits  package.  Qualified  applicants  may  apply  via  our  online  process  at 
WWW.Stjude.org/jobs,  please  include  the  Job  Number:  09977. 


Sagarsoft,  Inc  has  openings  for 
the  following  positions  to  work  at 
client  sites  throughout  the  U.S: 

ETL/Specialist:  Req.  exp  per¬ 
forming  data  modeling  and  data 
warehousing  working  with  ETL 
tools  and  Informatica/Datastage 
and  designing  Oracle/Sybase 
databases 

Net  Software  Engineer:  Req 
exp  working  with  ASP/net, 
ADO.net,  VB.  C#.net  and  EAI. 

DBA:  Req  exp  performing 
Oracle  database  design  using 
ASE  and  DB  Artisan,  writing  Perl 
Scripts  and  Setting  up  cron  jobs 

Project  Manger:  Req  exp  as 
Project  Manager 

SQA  Tester  Analyst:  Req  exp 
writing  and  implementing  BRD 
and  SRS  docs  and  preparing 
test  plans,  procedures,  formula¬ 
tions  scripts  and  cases  for  man¬ 
ual  and  automated  testing. 

SAS  Datawarehouse  Analyst: 
Req  exp  in  deployment,  design 
and  development  of  business 
objects  and  working  with  SQL 
server  and  SAS  programs. 

Apply  to:  Sagarsoft,  Inc,  78 
Eastern  Blvd,  Glastonbury,  CT 
06033. 


Software  Engineer  sought  by 
consulting  services  company  in 
Denver,  CO  to  work  in  Denver 
and  other  unanticipated  job  sites 
in  the  U.S.  to  engage  in  full  life- 
cycle  software  application  devel¬ 
opment  and  enterprise  wide 
integration  of  diverse  software 
applications.  Analyze  require¬ 
ments.  Create  application  archi¬ 
tecture,  design  infrastructure, 
code,  test,  and  de-bug  the  soft¬ 
ware  applications.  Use  Object 
Oriented  Design  techniques, 
J2EE,  JSP,  JAVA,  C++.  Servlets, 
WebLogic,  WebSphere,  relation¬ 
al  database  management  sys¬ 
tems,  XML,  UML  and  automated 
testing  tools  in  the  development 
process.  Requires  master's  in 
computer  science;  working 
knowledge  of  software  develop¬ 
ment  utilizing  Object  Oriented 
Design  techniques,  J2EE,  JSP, 
JAVA,  C++,  Servlets,  WebLogic, 
WebSphere,  relational  database 
management  systems,  XML, 
UML  and  automated  test  tools. 
(Working  knowledge  may  be 
gained  in  an  academic  or 
employment  setting)  M-F;  8am- 
5pm;  $76,275/yr.  Respond  by 
resume  to  Workforce  Develop¬ 
ment  Programs,  PO  Box  46547. 
Denver,  CO  80202  and  respond 
to  JON  CO5099627. 


COMPUTER  PROFESSIONALS 
Opportunities  for: 

•  SYSTEMS/BUSINESS/ 
PROGRAMMER  ANALYSTS 

•  PROCESS  CAPABILITY 
ANALYST 

•  QC  ANALYST 

•  WEB  ARCHITECTS/ 
DEVELOPERS 

•  SYSTEMS  ANALYSTS 

•  WEB  GRAPHIC  DESIGNERS 

•  NETWORK  ENGINEERS 

•  PROGRAMMER/ANALYSTS 

•  SOFTWARE  ENGINEERS 
SKILLS: 

•  COLD  FUSION  •  SPECTRA 

•  ORACLE  •  VISUAL  BASIC 

•  VISUAL  C++  •  SIEBEL  •  ASP 

•  COM,  DCOM  •  JSP  •  HTML 

•  JAVA,  JAVA  BEAN  •  EJB  JAVA 
SERVLETS  •  WEBSPHERE 

•  IBM  MQ  SERIES  •  XML, UML 

•  MTS  •  CLARIFY  •  PERL 

•  OBJECTPERL • SPYPERL 

•  SMALLTALK  •  PL/SQL 

•  VISUAL  AGE  •  COBOL.  SPL. 
UNIX 

Visit  our  website  @ 
www.computerhorizons.com 
Attractive  salaries  and  benefits. 
Please  forward  your  resume  to: 
H.R.  Mgr.,  Computer  Horizons 
Corp.,  49  Old  Bloomfield 
Avenue,  Mountain  Lakes,  New 
Jersey  07046-1495.  Call 
973-299-4000.  E-mail:  jobs@ 
computerhorizons.com.  An 
Equal  Opportunity  Employer  M/F. 


Sr.  Business  Systems  Analyst 
(Boston,  MA)  Manage  business 
systems  analyses,  develop  IT 
projects,  and  integrate  systems. 
Min.  req's:  M.Sc.  in  Computer 
Science  or  a  related  field  plus  2 
yrs  exp  in  job  offered  or  2  yrs 
exp  in  IT  project  development 
position  gathering,  analyzing 
and  documenting  technical 
requirements  for  software  appli¬ 
cations;  designing  and  develop¬ 
ing  software  solutions  to  inte¬ 
grate  applications;  and  working 
throughout  the  software  life 
cycle  including  analysis,  design, 
development,  system  selection, 
implementation,  testing,  sup¬ 
port,  and  evaluation.  Exp  must 
include:  development  of  multi¬ 
tiered  web  solutions  using  XML/ 
XSL,  SQL  servers,  Visual  Basic, 
COM/DCOM,  ASP  and  HTML  to 
develop  GUIs;  management  of  a 
team  of  developers;  develop¬ 
ment  of  applications  for  hand¬ 
held  devices;  maintenance  and 
integration  of  document  and 
contact  management  systems; 
and  management  of  day-to-day 
relations  with  vendors  and  con¬ 
tractors.  40  hrs/wk.  Send  res¬ 
ume  to  Ellen  Looney,  Human 
Resources  Manager,  Exchange 
Place,  Boston,  MA  02109.  EOE. 


The  MathWorks 

The  MathWorks,  Inc.  leads  the  market  in  developing  and 
delivering  high  performance  interactive  software  products 
such  as  MATLAB®  to  the  engineering  and  scientific 
communities.  We're  increasing  our  lead  by  hiring  the  best 
people  for  every  job  in  the  organization.  We  have  the 
following  positions  available  at  our  offices  in  Natick,  MA. 

Senior  Controls  Quality  Engineer 

Develop  test  suites  &  hands  on  testing  using  MATLAB  for 
Identification,  Controls  &  Estimation  Team. 

Senior  Design  Automation  UI  Quality  Engineer  (2) 

Develop  test  suites  &  hands  on  testing  using  MATLAB  for 
Simulink  &  Stateflow  User  Interface. 

Int’l  Sales  Account  Specialist  -  Latin  America 

Manage  reseller  location  &  selection  for  engineering  and  ■ 
scientific  products  &  develop  new  business  opportunities  in  j 
Latin  America. 

Senior  Quality  Engineer 

Develop  test  suites  &  hands  on  testing  using  MATLAB  for  ? 
Real-Time  Workshop  products. 

Senior  Release  Engineer 

Assist  in  build  &  test  of  code  changes  for  Controls  Design 
Automation  products. 

Systems  Services  Project  Manager 

Plan,  design,  implement,  control  &  dose  IT  infrastructure 
projects  for  multinational  locations. 

Senior  Consultant  [Engineer] 

Assist  customers  &  developers  in  MATLAB  programming 
and  model  construction;  provide  training  development  &  ; 

customer  demonstrations. 

Embedded  DSP  Software  Engineer 

Serve  as  Technical  Development  Lead  for  Simulink-based  j 
DSP  code  generation  product. 

Electronic  Automation  and  Design  Engineer  j 

Create  next  generation  EDA  (Electronic  Design  Automation] 
tools  for  products  that  interface  MATLAB  and  Simulink  with 
HDL  simulators.  ; 


Control  Systems  Product  Marketing  Specialist 

Implement  &  project-manage  strategic  projects  of  Control 
Systems  Technical  Marketing  Group.  Project-manage  inter¬ 
nal  &  external  projects  for  Industry  Marketing  &  Control 
Systems  groups. 

Software  Engineer  -  Desktop  Deployment  Products 

Develop  and  support  MATLAB  compiler  and  associated 
builder  products. 

The  aforementioned  positions  are  available  at  all  levels 
and  require  a  minimum  of  a  B.S.  or  M.S.  in  Computer 
Science,  Engineering,  Math  or  a  related  degree  and  0-8 
years  of  experience 

Additional  Opportunities  in  the  following  areas: 

•  Genetic  Algorithm  Toolbox  Engineer 

•  Simulink  Engine  Quality  Engineer 

•  DSP  Simulink  Blockset  Engineer 

•  Senior  Guide  Engineer 

•  Contract  Recruiters 

•  IT  Asset  Management  Analyst 

•  Distributed  Computing  Software  Engineer 

•  Install  &  License  Quality  Engineer 

•  Technical  Marketing  Manager 


Q>  For  fastest  consideration  interested  candidates  should 
e-mail  their  resume,  indicating  position  of  interest,  to 
resumes@mathworks.com  or  visit  our  career  pages  at 
http:/www.mathworks.com/jobs. 

Candidates  can  also  send  resumes  to: 

Attn:  Human  Resources  -  Job  Code:  IW1204  The  MathWorks, 
Inc.  Three  Apple  Hill  Drive,  Natick,  MA  01760-2C98 
8  We  are  an  equal  opportunity  employer. 


Vishay  Siliconix 

Device  Design  Engineer 

Design  advanced,  state  of  the 
art  discrete  power  MOSFETs 
for  computer,  telecom,  and 
automotive  market  needs 

Develop  new  device  structures 
and  process  technologies  for 
next  generation  Power  MOS¬ 
FETs 

Define  new  technology  thrusts 
based  on  interaction  with  engi¬ 
neering,  packaging  and  mar¬ 
keting  groups. 

Contact;  Vishay  Siliconix 
2201  Laurelwood  Rd. 
Santa  Clara,  CA  95054 


Elect.  Engineer.  Satellite  set 
top  box  development  using  C  & 
Assembly;  Open  TV  S/W  de¬ 
velop,  debug,  &  integration  into 
satellite  set  top  box.  Design 
satcom  components,  sys,  in¬ 
struments,  manuf.  specs;  install 
&  maintenance  standards  Est. 
cost  of  labor,  materials,  equip, 
&  construction;  plan  &  imple¬ 
ment  researcn  method  &  pro¬ 
cedures,  Develop  internal  test 
procedures.  Req.  MS  elect, 
engg  &  exp  in  C.  Resume  to 
R.  Kring,  EchoStar  Data 
Networks,  11  SO  W.  Druid  Hills 
Dr,  Ste  200,  Atlanta,  GA  30329- 
2121. 
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Lead  Analyst 

Multiple  Openings  (NC  &  PA 
Glaxo  Smithkline).  Develop  and 
support  prescription  systems 
business  processes.  Maintain 
and  enhance  existing  production 
data  loads.  Work  within  a  team 
environment  to  support  analytics 
and  ad-hoc  user  community. 
Provide  technical  user  support 
and  maintenance  for  CRx  data, 
including  dimension  delivery, 
tuning,  and  training  on 
SAS/Teradaia/Unix  environ¬ 
ment.  Maintain  front-end  PAS 
support  of  Visual  Basic/SAS/ 
Oracle  applications  and  provide 
additional  assistance  on  EVAL 
Informatica  ETL,  PRx  Call 
Activity,  Supplemental,  Growth- 
Track  and  SAS  as  required. 
Req.:  Bachelor's  or  foreign 
equivalent  in  Computer  Infor¬ 
mation  Systems  (in  lieu  of 
degree,  will  accept  equivalent 
education  and  experience).  4 
years  of  experience  in  job 
offered  or  in  IT  Analysis. 
Following  experience,  which 
may  have  been  obtained  con¬ 
currently:  4  yrs  SAS  Apps  dvpmt 
in  large-dataset  Unix/PC  envmt 
(biz  reqmts,  fund  specs,  time¬ 
lines  &  implementation);  3  yrs 
supporting  analytics  user  cmmty 
of  50+  users,  (issue  resolution, 
change  mgmt,  statistics  & 
process  impvmt);  2  yrs  DB 
prgmg  in  SAS  Access  to  remote¬ 
ly-hosted  large  Teradata  & 
Oracle  DBs,  Data  Warehousing 
dataloads  in  SAS/Unix  & 
Informatica  &  web  app  dvpmt  for 
SAS;  2  yrs  in  pharma  promotion¬ 
al  channels  analysis  &  longitudi¬ 
nal  data  analysis 

GSK  is  dedicated  to  an  innova¬ 
tive  workplace  and  supports  you 
with  career-long  opportunities  & 
learning.  We  offer  a  competitive 
benefits  and  compensation 
package.  For  confidential  con¬ 
sideration  please  forward  2 
copies  of  resume  to:  BHG  Box 
41951, 220  E.  42nd  St.,  14th  FI., 
NY,  NY  10017.  Indicating  ad 
code  "LA"  is  essential. 
Principals  only,  no  agencies. 
GSK  is  proud  to  promote  an 
open  culture,  encouraging  peo¬ 
ple  to  be  themselves  and  giving 
their  ideas  a  chance  to  flourish. 
GSK  is  an  equal  opportunity 
employer. 


Technical  Consultant:  Analyze, 
design  and  program  client/serv¬ 
er  applications  and  Tandem 
main  frame  servers  using  tools 
such  as  Test  Director  Win 
Runner,  Astra  Quick  testRational 
suite  and  silk  Test.  Responsible 
for  QA  testing  of  the  entire  soft¬ 
ware  development  life  cycle  of 
the  applications.  Will  design 
Java  and  Web  applications 
using  Oracle  and  SQL  technolo¬ 
gies  for  Database  Integrity 
Testing.  Demonstrated  ability  to 
work  with  multiple  platforms 
such  as  Windows  2000,  NT  and 
Unix  environments.  Demon¬ 
strated  knowledge  of  JAVA, 
HTML,  JavaScript,  shell  script, 
CORBA,  RMI  and  EJB.  B.S  in 
Comp  Science/Engin  or  Equiv¬ 
alent  and  2  years  experience  in 
Software  Development.  40hrs/ 
wk  (9:00  a  m.  to  5:00  pm) 
$86.154.00/yr.Please  send  two 
(2)  copies  of  resume/letters  to 
Job  Order  #2004-612.  P.O.  Box 
989,  Concord,  NH  03302-0989 


Software  Engineer  sought  by 
consulting  services  company  in 
Denver,  CO  to  work  in  Dublin, 
OH  and  other  unanticipated  job 
sites  in  the  U.S.  to.  under  close 
supervision  engage  in  moder¬ 
ately  complex  tasks  including 
engaging  in  full  life-cycle  soft¬ 
ware  application  development 
and  enterprise  wide  integration 
of  diverse  software  applications. 
Analyze  requirements.  Create 
designs  and  design  documenta¬ 
tion.  Code,  test,  and  de-bug  the 
software  applications.  Use 
object  oriented  design  tech¬ 
niques,  CORBA,  J2EE,  J 
Builder,  J  Unit  automated  test 
tools  and  SQL  in  the  develop¬ 
ment  process.  Work  is  closely 
monitored.  Requires  bachelor's 
or  foreign  equivalent  in  comput¬ 
er  science  or  related  field, 
including  mechanical  engineer¬ 
ing;  working  knowledge  of 
development  of  integration  soft¬ 
ware  applications  utilizing  object 
oriented  design  techniques, 
CORBA,  J2EE,  J  Builder,  J  Unit 
automated  test  tools  and  SQL. 
(Working  knowledge  may  be 
gained  through  employment 
experience  or  in  an  academic 
program.  M-F;  8am-5pm; 
$59,750/yr.  Respond  by  resume 
to  Workforce  Development 
Programs,  PO  Box  46547, 
Denver,  CO  80202  and  respond 
to  JON  CO5099634. 


PROGRAMMER/ANALYST  - 
Overland  Park,  KS.  Analyze, 
design,  program,  implement  & 
support  advanced  computer 
applications  utilizing  Java,  JFC, 
Servlet,  JSP,  Java  Script,  XML, 
XSL,  CSS,  Oracle,  SQL  Server, 
SQL  &  PL/SQL  under  UNIX  &/or 
Windows  operating  environment 
for  client/server  &/ or  internet- 
related  applications.  Analyze  & 
synthesize  business  require¬ 
ments  reviewing  client's  existing 
systems.  Define  system  require¬ 
ments  &  interfaces,  test  systems 
for  compliance.  Responsible  for 
system  installation.  Manage 
software  development  projects 
generating  resource  require¬ 
ments  &  implement  schedules. 
Req.  Bachelors  degree  in 
Computer  Sci,  MIS  or 
Engineering  (any  field)  &  one  (1 ) 
year  exp.  in  job  offered.  Contact: 
International  Systems  Tech¬ 
nologies  Inc.,  1812  Front  Street, 
Scotch  Plains,  NJ  07076. 


B'Ham,  AL.  VOIP  apps  engi¬ 
neers  to  configure  test  & 
document  VoIP  protocols  re 
interoperability  b/t  vendors  & 
conform  w/ITUOT  &  IETF 
stds.  Environ  includes  SS7- 
net  &  PSTN  arch;  Cisco 
routers  &  Linux/Unix.  Req: 
MSEE  &  exp  on  Cisco 
routers  &  Linux/Unix  operat¬ 
ing  systems,  VoIP,  routing 
protocols,  ATM  techn.  Res¬ 
umes  to:  S.  Wooten,  Com¬ 
petent  Staffing  Resources, 
3555  Koger  Blvd,  Ste  120, 
Duluth,  GA  30096. 


Senior  Test  Engineer  wanted  in 
Glen  Allen.  VA  office.  Must  have 
Master's  deg.  or  equiv.  in  Engin¬ 
eering,  Comp.  Eng.  or  related 
field  &  3  yrs.  testing  &  integra¬ 
tion  exper.  incl.  at  least  1  yr.  exp- 
er.  using  IP-based  Voice  &  Vid¬ 
eo  Unified  Messaging  systems 
&  VoIP  signaling  with  SIP  proto¬ 
col  as  per  RFC  standards,  Tele¬ 
com  &  VoIP  test  tools  for  com- 
formance  &  compliance  testing. 
Directory  &  Messaging  Servic¬ 
ers  with  UM  architecture,  testing 
of  SS7,  &  exper.  on  Italtel  iMSS 
SoftSwitch,  Cisco  BTS  10200 
SoftSwitch,  SIP  proxy  servers  & 
Media  Gateways  &  at  least  6 
mos.  exper.  with  Veritas  High 
Availability  architecture  using 
RAID  cluster  technology.  (A 
Bach.  Deg.  in  Eng.,  Comp.  Eng., 
or  related  field  &  5  yrs.  progres¬ 
sive  exper.  will  be  accepted  as 
equiv.  to  a  Master's  deg.  &  3  yrs. 
exper.)  Send  cover  letter  & 
resume  to  Corporate  Recruiting, 
Code  VARM,  LogicaCMG,  32 
Hartwell  Ave.,  Lexington,  MA 
02421.  No  third  parties  or 
phone  calls  please.  LogicaCMG 
is  an  EEO,  M/F/V  Employer. 


Software  Engineer,  under 
Supervision,  will  develop  soft¬ 
ware  engineering  standards. 
Will  design  and  develop  com¬ 
mercial  client/server  applica¬ 
tions  using  Oracle,  Visual 
Basic,  SQL,  C,  C++,  Fortran, 
WATCOM,  Power  Builder  and 
Unix.  Bachelors  or  Associate 
Degree,  with  3  years  experi¬ 
ence  required.  Competitive 
Salary,  40  hrs.  a  week.  Send 
resume,  HR  Manager  Inte¬ 
grated  Business  Group,  20 
Arcadia  Drive,  Suite  54,  North 
Waterboro,  ME  04061. 


Uson  LP,  a  Roper  Industries  compa¬ 
ny,  seeks  a  Software  Engineer  at  its 
Houston,  Texas  facility.  Candidate  will 
develop  new  features  and  sustain 
maintenance  of  Uson's  'Vector"  leak 
testers  used  in  automotive  and  med¬ 
ical  Industries.  Perform  de-tailed  soft¬ 
ware  design,  software  implementa¬ 
tion,  testing,  debugging,  and  docu¬ 
mentation  of  GUI  for  real-time  embed¬ 
ded  systems  for  commercial  and 
industrial  leak  tester  based  on  Object 
Oriented  Design.  Requires  a 
Bachelor's  degree  In  Engineering. 
Computer  Science  or  related  field 
plus  1  yr.  experience  as  Software 
Developer  or  Comput-er  Progra¬ 
mmer.  Must  include  experience  in 
object  oriented  programming  in  C++ 
and  Java;  OOD  programming  design 
concepts;  MS  Access  Databases; 
and  RDBMS.  Submit  resume  by 
email  to:  MRobison@Uson.com. 


Several  positions 
available.  Require¬ 
ments  and  salary 
vary  per  position. 
Send  resume  to: 
Srivatsan  Rama- 
chandran,  A.M.I., 
6145F  Northbelt 
Parkway,  Norcross, 
Georgia  30071. 


Information  Systems  Man¬ 
ager  (West  Caldwell,  NJ 
location):  Bachelor's  Deg¬ 
ree.  Knowledge  in  C++, 
Java,  Scheme,  Q-basic, 
Macromedia,  Dreamweaver 
and  Flash.  2  yrs.  exp  req. 
40  hrs/wk  9AM-5PM. 
Bilingual:  Korean/English. 
Fax  resume  to  973-618- 
2478. 


Eclaro  International,  an  IT  staf¬ 
fing  provider  (MBE  certified), 
has  numerous  openings  for  IT 
professionals  to  fit  different  posi¬ 
tions  to  design  and  develop  cus¬ 
tomized  applications.  Applicants 
must  have  BS/MS  with  related 
IT  experience.  Please  send  res¬ 
umes  to  kdacev@eclaroit.com. 
EOE.  No  calls. 

Corporate  Computer  Services 
(CCS)  has  multiple  openings  for 
System/Programmer  Analysts, 
S/W  Engineers,  both  entry  & 
experienced  levels  (minimum 
BS).  Use  skills  C/C++,  VB,  Or¬ 
acle,  etc.  We  are  small  but  we 
do  not  lay  off.  Attractive  wage  w / 
benefits.  Apply  HR@ccsiusa 
.net.  EOE. 


Software  Engineers  needed. 
Seeking  candidates  w/  MS  in 
Comp  Sci,  Engg,  Math  or  relat¬ 
ed  and  rel  work  exp.  Part  of  rel 
work  exp  must  include  1  yrs 
working  w /  XSLT,  HTML,  and 
Java.  2  years  of  experience  in 
entire  software  development  life 
cycle  plus  JavaScript  and 
Weblogic  preferred.  Duties 
include:  Design  comp  systems, 
analyze  reqs  and  customize 
software.  Must  be  willing  to  relo¬ 
cate.  Mail  resume  &  refs  to:  San 
Francisco  Systems,  Inc.,  PO 
Box  171,  Rockland,  ME  04841. 


Programmer  Analysts  to  ana¬ 
lyze,  develop,  test  wireless/web 
software  systems  using  C,  Java, 
XML/XSL,  J2EE,  JDBC,  EJB, 
JSP,  Servlets,  HTML,  ASP  with 
Oracle,  SQL  Server  databases 
on  Windows.  LINUX  &  UNIX 
OS;  determine  functional  reqs, 
write  functional  design  specs, 
evaluate  tech,  feasibility;  devel¬ 
op  reporting  system  for  wireless 
appl  on  web  servers/appl  server; 
provide  guidance  for  complex 
user  problems  and  trouble  shoot 
production  issues.  Require:  BS 
or  foreign  equiv  in  CS/Comp 
Engineering  and  2  yrs  exp  in  IT 
or  M.S.  in  CS/Comp  Engineer¬ 
ing.  Competitive  salary.  Full 
Time.  Respond  with  Job  code 
A2W1204:  HR,  Air2Web,  Inc., 
1230  Peachtree  Street  NE, 
Promenade  II,  12th  FI.,  Atlanta, 
GA30309. 


Software  Eng/Programmer 
wanted  by  National  Computer 
Systems  in  NJ  &  ME.  Requires 
BS  in  Comp  Sci  or  related  field 
w /  min  3  yrs  working  exp.  Job 
duties  incl:  design,  develop  & 
implement  intranet/internet  & 
client  server  applications,  includ¬ 
ing  ERP;  analyze,  review  &  alter 
programs  to  optimize  perfor¬ 
mance;  develop  programming 
stds  for  software  to  meet  new 
requirements;  direct  &  partici¬ 
pate  in  various  aspects  of  sys¬ 
tem  life  cycle;  estab  system  stds 
for  hardware,  software,  etc;  write 
software  development  docu¬ 
mentation;  test  the  developed 
application  for  software  QA; 
write  test  cases  &  system  plans. 
Fax  resume  to  732-940-2276 
(NJ)  &  207-221 -9999(ME). 


Systems  Engineer  wanted 
by  Energy  Measuring 
Device  Manuf.  in  Westbury, 
NY.  Must  have  MS  Degree 
in  EE  or  Comp  Sci.  + 
Extensive  Exp.  Send  res  to: 
Electro  Industries,  Fax: 
516-338-2637.  Attn: 
Personnel 


Programmer  Analysts  to  ana¬ 
lyze,  design  web  appls  using 
Java,  VB,  Java  Script,  VBScript, 
HTML,  DHTML,  ASP,  PHP, 
Access,  Oracle,  SQL  Server, 
Dreamweaver,  Active  X.  IIS 
under  Windows,  UNIX  OS;  gen¬ 
erate  batch  reports;  conduct 
user  req/feasibility  studies  & 
systems  analysis;  maintain,  doc¬ 
ument,  support,  test  and  debug 
appls.  Require:  B.S.  or  foreign 
equiv  in  CS/Engg(any  branch) 
with  2  yrs  exp  in  web  based 
appls.  High  Salary.  F/T.  Travel 
involved.  Resume  to:  HR,  Salem 
Associates,  Inc.,  405,  6th  Ave., 
Ste102,  Des  Moines,  IA  50309. 


First  Consulting  Group  is  a  lead¬ 
ing  provider  of  information 
based  consulting,  integration, 
and  management  services  to 
healthcare,  health  plan,  pharma¬ 
ceutical  and  other  life  sciences 
organizations  in  North  America 
and  Europe.  We  are  currently 
seeking  a  Technical  Master  III  - 
Technical  Integration.  Perform 
healthcare  integration  consult¬ 
ing,  analysis,  design  and  devel¬ 
opment.  Develop  interfaces  be¬ 
tween  applications  using  inter¬ 
face  engines  and  programs. 
Require:  Bachelor’s  degree  or 
foreign  degree  equivalent  in 
Computer  Science,  or  a  closely 
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experience  in  the  job  offered  or 
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industry.  Must  have  HIE  Clov- 
erleaf  Interface  Engine  certifi¬ 
cate.  Paid  travel  on  long  or  short 
term  assignments  to  various 
unanticipated  client  sites  within 
the  U.S.  is  required.  Send  resu¬ 
me  to:  recruiter@fcg.com  (pre¬ 
ferred)  or  DP-Human  Resourc¬ 
es,  First  Consulting  Group,  Inc., 
Ill  W  Ocean  Blvd,  4th  Floor, 
Long  Beach,  CA  90802  (No 
Phone  Calls  Please). 
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4  in  MM,  PP,  SD,  FICO  Oracle, 
Cognos,  Business  Objects,  In¬ 
formatica,  SQL,  PL-SQL,  Java¬ 
Script,  VBScript,  Html,  and  XML, 
etc.  Bachelors  Degree,  with  2 
years  experience  required.  Co¬ 
mpetitive  Salary,  40  hrs.  a  week. 
Send  resume.  HR  Manager, 
Integrated  Business  Group,  20 
Arcadia  Drive,  Suite  54,  North 
Waterboro,  ME  04061. 
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VPNs 

continued  from  page  1 

deluxe  VPN  gear  put  out  by  top 
network  vendors  such  as  Cisco, 
Juniper,  Nortel  and  Check  Point. 
“Offices  not  sending  real-time 
information  and  using  an  inex¬ 
pensive  [DSL  or  cable  modem] 
connection  rather  than  a  T-l  are 
ideally  suited  for  a  low-end  VPN,” 
says  Zeus  Kerravala,  vice  presi¬ 
dent  of  enterprise  infrastructure 
at  The  Yankee  Group. 

Vendors  such  as  SonicWall  and 
WatchGuard  cut  their  teeth  mak¬ 
ing  this  type  of  inexpensive  gear, 
although  both  also  now  offer 
higher-end  equipment.  Linksys, 
which  is  owned  by  Cisco,  and 
SofaWare,  which  is  owned  by 
Check  Point,  and  others  also 
offer  no-frills  VPN  equipment. 


Bank  of  America 

continued  from  page  14 

great  advantage.  We  can  be  more 
flexible  and  faster  on  deploy¬ 
ments,  especially  in  setting  up 
new  locations. 

Will  you  run  parallel  voice  networks 
for  a  while,  or  unplug  PBXs  as  the 
Cisco  gear  comes  online? 

We  will  run  some  parallel  net¬ 
works  for  a  while,  especially  in 
very  large  sites. Within  the  first 
year  we’ll  start  to  eliminate  some 
PBX  ports.  We  have  so  many  out 
there. The  benefit  in  eliminating 
those  systems  is  with  moves, 
adds  and  changes. Those  costs 
are  great  across  the  board  when 
you  talk  about  all  the  locations 
and  all  the  different  amounts  of 
moves,  adds  and  changes  we 
have  on  a  weekly  basis.  And  then 
equipment  and  maintenance 
will  be  eliminated.  ■ 


Such  gear  will  grow  significant¬ 
ly  in  popularity  over  the  next  few 
years,  from  460,000  individual 
units  sold  this  year  to  1.2  million 
projected  in  2008,  according  to 
Keith  Nissen,  a  senior  analyst 
with  In-Stat/MDR.  “A  lot  of  fire¬ 
wall/VPN  gateways  are  actually 
being  purchased  by  larger  cor¬ 
porations  and  being  deployed  in 
branch  offices  or  departments,” 
he  says. 

Companies  that  need  to  deploy 
a  VPN  to  hundreds  of  sites  or 
have  to  set  multiple  complex 
security  policies  for  different 
classes  should  not  consider 
these  options,  Kerravala  says.“But 
if  you  are  looking  for  very  very 
basic,  solid  security  —  say  allow 
three  types  of  traffic  only  and 
deny  everything  else  —  then 
these  are  fine,”  he  says. 

In  the  case  of  network  manage¬ 
ment  provider  Techno  Special¬ 
ties  in  Lubbock,  Texas,  about  25 
$300  Linksys  RV082  VPN  routers 
support  its  customers,  says  the 
company’s  director,  Tony  Dodd. 
The  boxes  at  each  of  its  cus¬ 
tomer  sites  let  Techno  Specialties 
remotely  administer  their  net¬ 
works,  and  in  some  cases  the 
appliances  also  connect  multi¬ 
ple  offices  run  by  a  single  cus¬ 
tomer,  he  says. 

“These  things  configure  them¬ 
selves  and  have  great  remote  ad¬ 
ministration  features,” and  are  half 
the  price  of  Cisco  831  or  1700 
routers,  Dodd  says.  Each  Linksys 
device  also  includes  an  eight-port 
switch  that  he  says  he  uses  to  cre¬ 
ate  customer  LANs,  and  dual 
WAN  ports  to  support  more  than 
one  Internet  connection. 

That’s  not  to  say  the  devices  are 
without  limitations.  For  instance, 
they  don’t  come  with  remote- 
access  software.  They  support 
third-party  VPN  software,  but  that 
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Low-cost  vs.  enterprise-grade  VPNs 

While  low-cost  VPN  gear  can  meet  some  business  needs,  there  are  features  that  only 
corporate-class  gear  offers. 

Low-cost 

Corporate  class 

Upside 

Upside 

Lower  capital  cost. 

Enterprise-grade  management  of  many  devices. 

Can  take  advantage  of  existing  server  hardware. 

Integration  with  other  network  elements  made  by 
same  vendor. 

Can  be  simple  enough  for  non-technical  branch/home 
office  staff  to  install. 

More  stable  tunnels  and  tunnel  restoration. 

Can  be  remotely  managed  individually. 

Higher  processing  speeds  and  more  sophisticated 
failover,  load  balancing. 

Downside 

Downside 

Limited  management  features. 

More  expensive. 

May  mean  a  business  has  to  deal  with  an  additional 
network  vendor. 

May  require  significant  training  of  IT  staff  to 
configure,  monitor  and  maintain. 

Stability  of  some  low-end  gear  is  questionable. 

May  require  swap  out  of  existing  routers  because 
gear  is  integrated  with  a  router. 

May  not  be  upgradeable  to  support  more  security 
features. 

May  include  too  many  features  for  basic 
deployments. 

is  so  expensive  the  cost  would 
override  the  savings  for  the  hard¬ 
ware.  “It  kind  of  takes  the  cost- 
effectiveness  out  of  the  equation,” 
he  says. 

The  Linksys  boxes  also  have  no 
management  platform,  so  he  has 
to  log  on  to  each  one  individ¬ 
ually  to  change  settings.  If  he  had 
any  more  of  the  devices  to 
administer,  he  would  be  over- 
loaded.“It’s  not  like  the  big-dollar 
stuff.  They  don’t  have  a  manage 
ment  utility  and  at  this  price  I 
doubt  they  ever  will,”  Dodd  says. 
“I  don’t  imagine  there  would  be 
too  many  businesses  that  would 
deploy  these  in  greater  numbers 
than  I  have.” 

The  boxes  are  also  tempera¬ 
mental  about  the  quality  of  the 
DSL  lines  to  which  they  are  con¬ 
nected.  VPN  tunnels  drop  if  the 
service  spikes.“We  have  to  power 
down  the  routers  and  power  up 
again.  [The  tunnels]  don’t  come 
back  up  very  nicely]’  he  says. 

The  University  of  Houston’s 
Center  for  Academic  Services 
and  Assessment  (CASA)  was 
looking  for  something  more 
sophisticated.lt  wanted  VPN  sup¬ 
port  to  secure  internal  and  exter¬ 
nal  access  to  testing  servers  and 
databases  that  were  part  of  vari¬ 
ous  virtual  LANs  within  CASA, 
says  Phillip  White,  the  center’s 
senior  information  architect. 

He  wanted  VPN  client  software 
included  as  well  as  site-to-site 
capabilities  and  a  management 
platform  to  set  policies  for  many 
different  classes  of  user.  IT  staff  at 
the  school  recommended  using 
Cisco  gear,  but  he  found  that 
SonicWall’s  Pro  5060F  firewall/ 
VPN  appliance  met  require¬ 
ments.  It  is  also  equipped  with 


anti-virus  software,  intrusion  de¬ 
tection  and  content  filtering.The 
Cisco  gear  would  have  cost 
$140,000,  he  says,  and  he  paid 
less  than  $60,000  for  the  Sonic- 
Wall  box. 

The  device  also  creates  VPN 
tunnels  with  smaller  SonicWall 
appliances  at  the  homes  of  key 
personnel  who  are  developers 
of  CASAs  testing  infrastructure 
or  IT  staff  who  need  full  access 
to  network  devices.  “We  can’t 
really  afford  to  have  a  full-time 
staff  24/7.  If  there  is  a  failure,  all 
we  have  to  do  is  notify  one  of 
these  people,  and  short  of  hav¬ 
ing  no  electricity  they  can  han¬ 
dle  anything  that  needs  to  be 
handled, ’’White  says. 

The  Gas  Company  a  synthetic 
natural  gas  company  in  Hono¬ 
lulu,  needed  VPN  capabilities  for 
traveling  executives  to  tap  into 
the  corporate  network  and  for  IS 
staff  and  telecommuters  to  con¬ 
nect  as  well.  The  company 
recently  bought  15  gas  stations 
that  also  connect  for  sales  and 
inventory  reporting. 

Money  was  a  concern,  so 
Everett  Yee,  the  company’s  net¬ 
work  specialist,  settled  on  using 
the  VPN  support  in  Microsoft’s 
Internet  Security  and  Acceler¬ 
ation  (ISA)  server  that  is  pack¬ 
aged  with  the  Windows  2000 
Server  the  company  already  had 
installed. 

The  ISA  server  supports  VPN  re¬ 
mote-access  clients  found  in 
Windows  XP  so  The  Gas  Com¬ 
pany  had  what  it  needed  to  turn 
up  a  VPN, Yee  says.  But  it  was  con¬ 
cerned  that  the  authentication 
that  came  with  the  software, 
Microsoft  challenge  handshake 
authentication  protocol,  wasn’t 


secure  enough.  So  it  bought 
e-Token  smart  cards  for  more 
secure  two-factor  authentication 
for  less  than  $1,000. 

In  the  case  of  Catalis  Health, 
the  company  that  uses  Open- 
VPN,  remote  users  connect  via 
machines  based  on  a  variety  of 
operating  systems,  including 
Windows,  Linux  and  MacOS, 
Duffy  says.  “OpenVPN  supports 
all  of  these,”  he  says. 

The  wizard  he  adapted  for  end 
users  to  request  digital  certifi¬ 
cates,  called  My  Certificate 
Wizard,  was  open  source,  as  was 
the  management  GUI  Catalis 
uses,  called  OpenVPN  GUI.  One 
possible  downside  of  these  is 
that  by  the  nature  of  open  source 
General  Public  License,  the  soft¬ 
ware  comes  without  warranties. 

Even  a  large  organization  can 
benefit  from  lower-cost  VPNs, 
Kerravala  says,  as  long  as  its 
VPN  capabilities  are  carefully 
matched  to  the  needs  of  the  sites 
it  serves. “You  have  to  use  a  solu¬ 
tion  that  fits  the  role  or  function 
the  place  plays  now  and  also  a 
road  map  of  what  you  might  do 
there  in  the  future,"  he  says.ff 


For  the  latest  information  and  expert 
insight  on  SSL  VPNs,  tune  into  our  IT 
Briefing  Webcast  featuring  Senior  Editor 
Tim  Greene. 
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And  you  think  your  IT  problems 

N 


ow  that  we  are  rushing  into  the 
holiday  season  groaning  slight¬ 
ly  from  the  excesses  of  Thanks¬ 
giving  but  still  licking  our  lips  in  an¬ 
ticipation  of  yet  more  turkey  and 
stuffing,  my  thoughts  are  drawn  to 
considering  Santas  IT  setup.  1  mean, 
just  think  of  it:  How  could  Santa  do 
his  job  without  some  serious  IT  support? 

I’m  sure  that  hundreds  of  years  ago  efficiency  and 
productivity  weren’t  much  of  a  problem  for  him,  but 
now  the  world’s  population  has  grown  enormously 
and  toys  are  more  complex  than  they  were.  So  it  is 
no  surprise  that  Santa  now  needs  support  for  HTML 
(Holiday  Toy  Management  Language), XML  (Xmas 
Making  of  Lists),  CSS  (Christmas  Stocking  Stocking), 
and  SOAP  (usually  Dove  but  anything  that  smells 
good  and  is  wrapped  in  pretty  paper  will  do). 

So,  what  is  the  scale  of  Santa’s  enterprise  IT  needs? 
Well, according  to  the  Population  Reference  Bureau, 
about  30%  of  the  world  population  (currently  about 
6.396  billion)  is  younger  than  15.  Assuming  that  50% 
of  the  world’s  children  believe  in  Santa  Claus,  rough¬ 
ly  15%  of  humanity  are  eligible  for  gifts  —  a  total  of 
about  960  million  children. 

If  each  child’s  database  record  contains  his  or  her 
full  name,  say  128  characters,  address  of  another  128 
characters,  naughty/nice  status  flag  of  1  byte,  a  list  of 


presents  he  or  she  has  previously  received,  say  1,024 
bytes  for  the  list  of  UPC  numbers  (that’s  Unified 
Polar  Code), and  a  few  control  fields,  then  Santa  has 
a  database  of  about  2T  bytes.  Given  the  database  is 
mission  critical  he  probably  has  a  hot  standby;  we’ll 
call  that  4T  bytes. 

Add  to  that  the  data  required  for  production  of  two 
toys  per  child  (that’s  just  less  than  2  billion  toys)  and 
supply  chain,  warehouse  and  facilities  management, 
plus  historical  data.Then  there’s  elf  resources  man¬ 
agement;  if  each  elf  can  produce  a  toy  per  day  and 
they  work  for  364  days  per  year  —  they’re  non-union 
—  there  must  be  approximately  5.5  million  elves  on 
the  payroll.  So  there  has  to  be  8T  to  10T  bytes  of  very 
fast  SQL  database-driven  storage. 

Then  there’s  Santas  logistics  operation,  which  must 
have  a  supercomputer  or  two  up  its  sleeve  because, 
with  960  million  stops  to  make,  Santa  needs  some 
serious  route  optimization;  this  is  the  Traveling 
Salesman  Problem  (TSP)  from  hell. 

Georgia  Tech  holds  the  record  for  the  largest  TSP 
solution,  calculating  the  shortest  route  for  visiting  all 
24,978  cities  in  Sweden.lt  took  the  equivalent  of 
roughly  84.8  CPU  years  on  a  single  Intel  Xeon  2.8- 
GHz  processor  (the  school  actually  used  back¬ 
ground  processing  on  a  cluster  of  96  dual-processor 
Intel  Xeon  2.8-GHz  workstations  between  March 
2003  and  January  2004). 


are  big! 

Assuming  Santa  needs  an  expeditious  way  to  hit 
his  960  million  stops  but  will  accept  a  partially  opti¬ 
mized  solution,  he  might  allow  the  problem  to  be 
divided  into  subsets  the  size  of  Georgia  Tech’s  solu¬ 
tion  and  optimize  each  one  individually.  If  the  NPIT 
(North  Fble  IT)  breaks  the  problem  into  subsets  of 
24,978  locations  each,  there  will  be  almost  38,843 
routes  to  solve.  Further,  if  we  assume  that  foreground 
processing  would  take  one-fifth  the  time  that  the 
Georgia  Tech  problem  took,  NPIT  would  need  about 
8,000  clusters  similar  to  Georgia  Tech’s. 

If  each  machine  occupied  a  1U  rack  space  and 
assuming  NPIT  uses  50U  racks,  there  would  be 
16,015  racks  or  roughly  128,000  square  feet  includ¬ 
ing  access  and  power  (around  120  megawatts  of 
power  would  be  required).  And  that’s  just  for  route 
optimization! 

Yep,  Santa’s  IT  guys  have  their  work  cut  out  for 
them. Their  job  is  not  only  mission-critical  but  they 
have  to  deal  with  enormous  scale  and  a  12-month 
business  cycle.  Assuming  a  l-to-200  IT-to-staff  ratio, 
there’s  at  least  30,000  people  in  IT  alone. 

So,  when  the  number  of  users  you  have  to  deal 
with  and  the  business  problems  you  have  to  solve 
are  driving  you  mad,  just  think  of  Santa’s  IT  depart¬ 
ment  and  enjoy  your  turkey 

Ho-ho-ho  to  backspin@gibbs.com. 


If  the  assertion  in  an  IBM  press 

release  reflects  reality,  a  full  40%  of  computer  users  take  password-based  secu¬ 
rity  about  as  seriously  as  they  would  the  Secret  Decoder  Magic  Game  card  I 
found  last  weekend  tucked  inside  a  bag  of  Cracker  Jack. 

In  recognition  of  Computer  Security  Day  on  Nov.  30,  IBM  offered  “TenTips  to 
Aid  Online  Security,"  No.  6  of  which  included  this  preface:  “Did  you  know  that 
40%  of  all  computer  users  use  the  word  'password'  as  their  password?” 

Uh,  no,  I  didn’t  know  . . .  and  I  don’t  believe  it  either.That  people  are  untrained, 
uninformed,  willfully  ignorant  and/or  irresponsible  is  beyond  dispute.That  four  of 
every  10  users  are  that  untrained,  uninformed,  ignorant  and/or  irresponsible  is 
beyond  belief. 

My  requests  to  IBM  for  an  explanation  —  or  at  least  a  source  for  that  number  — 
produced  neither.  Not  being  an  expert  myself  and  having  no  knowledge  of  any¬ 
one's  passwords  save  my  own  —  none  of  which  are  “password,”  by  the  way  —  I 
turned  to  Joel  Snyder,  a  Network  World  Lab  Alliance  member  and  senior  partner 
at  Opus  One. 

What  does  Snyder  think  of  that  “40%  use  password”  contention? 

“Oh,  that's  got  to  be  crap,”  he  says,  proving  once  again  that  the  man's  next 
minced  word  will  be  his  first.  “Maybe,  if  the  default  password  is  'password'  and 
everyone  gets  the  default,  40%  of  people  don't  change  it.  But  that's  the  help  desk’s 
problem,  right7  In  addition,  every  system  built  in  the  last  decade  has  dictionary 
checks  to  be  sure  that  people  don't  use  words  in  the  dictionary  for  their  pass¬ 
words.” 

When  Snyder  gets  on  a  roll  woe  be  to  thee  who  gets  in  the  way. 

"I  cannot  imagine  except  in  the  most  mis-run  of  companies  with  the  most  obso¬ 
lete  equipment  and  the  most  poorly  driven  policies  that  even  1%  use  the  word 


‘password,’”  he  continues.  “At  our  company,  it’s  not  even  possible  —  the  system 
won't  accept  it.” 

None  of  which  is  to  say  that  passwords  aren’t  a  massive  headache  for  IT  execu¬ 
tives  and  end  users  alike,  of  course. The  problem  has  become  so  conspicuously 
severe  that  The  Wall  Street  Journal  featured  a  front-page  article  Dec.  9  on  pass¬ 
word  management  —  and  mismanagement.The  gist  of  the  story  was  that  corpo¬ 
rate  strategies  for  dealing  with  the  regulatory  demands  of  Sarbanes-Oxley  and 
the  like  are  driving  IT  shops  to  impose  more  stringent  password  rules,  including 
mandatory  password  changes  as  frequently  as  once  a  month. 

One  can  safely  assume  that  few  of  these  companies  are  abiding  “password"  as 
passwords. 

Still  flocking  to  Firefox 

Here  are  a  few  of  the  most  recent  developments  bringing  smiles  to  the  faces  of 
those  who  have  developed  and  supported  the  Firefox  open  source  Web  browser: 
surpassing  11  million  downloads;  publishing  a  supporter-financed,  double-page 
advertisement  in  last  Thursday’s  New  York  Times —  replete  with  10,000  individual 
names;  and  learning  that  one  survey,  albeit  disputed  by  Microsoft,  shows  Internet 
Explorer's  market  share  dipping  below  90%. 

Then  there  was  the  news  that  IT  officials  at  the  University  of  Pennsylvania  are 
advising  students  to  consider  alternative  browsers  such  as  Firefox  in  the  name  of 
mitigating  the  security  vulnerabilities  that  come  bundled  with  IE. 

Conventional  wisdom  continues  to  cling  to  the  consensus  that  Microsoft  has  lit¬ 
tle  to  fear  from  Firefox  and  the  other  freebies,  in  particular  as  applies  to  large 
corporations.The  reasons  for  that  consensus  remain  sound. 

But  at  what  point  in  the  erosion  of  IE’s  market  share  —  down  to  85%?  75%?  — 
does  the  slippage  graduate  from  a  nuisance  to  a  real  problem  for  Microsoft? 

Passwords  change  whether  you  like  it  or  not.  My  e-mail  address  never  does: 
buzz@nww.com. 
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»  Wanted:  Shakers  and  movers — those  who  not  only  think  outside  the  box,  but 
who  smash  it.  Juniper  Networks  helps  you  change  your  company  for  the  better. 
Installing  sophisticated  connectivity,  instilling  confidence.  So,  take  command  of 
your  network  with  increased  intelligence,  ensured  reliability  and  impenetrable 
security.  Juniper  your  net. 


Juniper  Networks  is  proud  to  transform  security  in  networking  through  our  addition  of  NetScreen  Technologies: 

Deep  Inspection  Firewall  I  IPSec  and  SSL  VPN  I  Intrusion  Detection  and  Prevention  I  Antivirus  I  Central  Management 
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nfrastructure.  Got  a  second? 


The  highly  dependable  HP  BladeSystem  features  Intel®  Xeon™  Processors.  Now  it's  possible  to  react  to  changing  business  conditions 
in  real  time— in  seconds.  Application  deployment  and  reprovisioning  become  an  automated  process.  From  single  console  remote 
management  to  up  to  19%  power  savings2— the  HP  BladeSystem  is  designed  to  save  you  time,  money  and,  quite  possibly,  your  sanity. 
Which,  of  course,  could  be  the  most  compelling  reason  of  all  to  learn  more. 


THE  SOLUTION 

THE  BENEFITS2 

HP  ProLiant  BL30p  Blade  Server 

•  2  Intel®  Xeon™  Processors  DP  up  to  3.20GHz/2MB’ 

•  23%  savings  on  acquisition  cost 

•  High  density:  Up  to  96  servers  per  rack 

•  Up  to  19%  less  power  consumption 

*  HP  Systems  Insight  Manager™:  Web-based 

•  Up  to  93%  fewer  cables 

networked  managment  through  a  single  console 

•  Hot-swappable  server  design 

•  Flexible/Open:  Integrates  with  existing  infrastructure 

•  Rapid  Deployment  Pack:  For  ease  of  deployment 
and  ongoing  provisioning  and  reprovisioning 

•  Single  interface  for  integrated  remote  management 

Contact  HP  today  for  a  free  IDC  white  paper:  Adapting 
to  Change:  BladeSystem  Moves  into  the  Mainstream 


invent 


CLICK 

hp.com/go/Bladesmag5 

CALL 

1-800-282-6672 

option  5,  mention  code  AUFK 

VISIT 

your  local  reseller 

1  numbering  is  not  a  measurement  of  higher  performance.  2.  Based  on  internal  HP  testing;  compared  to  similarly  configured  HP  1U,  2P  server.  Intel.  Intel  Inside,  the  Intel  Inside  logo  and  Intel  Xeon  are  trademark  or  registered  trademarks  of  Intel  corporation  or  its  subsidiaries  in  the  United  States  and  other  countries. 

©20C<  treftlett- Packard  Development  Company,  L.P 


